Render cypher_raw output as HTML instead of wikitext#1069
Merged
Conversation
Fixes #1067 `{{#cypher_raw}}` handed its JSON to the parser as wikitext, so any URL in a returned value got autolinked. The closing quote of the JSON string was swallowed into the link and percent-encoded, leaving the reader with invalid JSON and `<a>` tags inside the `<pre>`. Returns the output as HTML instead, the way `#view` and `#neowiki_value` already do, and the way `{{#sparql_raw}}` was fixed in #1051. `isHTML` is the flag that does the work: it strip-armours the text so the parser leaves it alone. `noparse` is already the default for a parser-function return and is included only to match the shape used elsewhere. The error path gets the same treatment, as the store's message can itself carry a URL. Returning an array requires widening the `: string` return types on `CypherRawParserFunction::handle()` and on the `cypher_raw` closure in `Neo4jPlugin`, which would otherwise fatal with a `TypeError`. ## Testing The existing unit tests could not catch this: they assert on what `handle()` returns, while the corruption happens afterwards, inside the parser. `CypherRawParserFunctionParsingTest` parses wikitext through a real `Parser` and asserts on what a reader ends up with, mirroring `SparqlRawParserFunctionParsingTest`. Verified failing before the fix and passing after. Co-Authored-By: Claude Opus 4.8 (max) <noreply@anthropic.com>
The unit tests exercised the returned HTML but never the flags that carry it: replacing asHtml()'s return with [ $html ], which drops both flags and reintroduces the corruption, left all eight of them green. Only the parser-level test caught it. Adds the two armour tests the sparql_raw sibling already has, covering the result and the error path. Also makes the error-path rationale precise: unlike the SPARQL side, no Cypher error message carries the endpoint URL, since backendUnavailable passes no params. A URL reaches the message by being echoed back from the offending query. Co-Authored-By: Claude Opus 4.8 (max) <noreply@anthropic.com>
JeroenDeDauw
marked this pull request as ready for review
July 17, 2026 13:01
This was referenced Jul 17, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixes #1067
{{#cypher_raw}}handed its JSON to the parser as wikitext, so any URL in a returned valuegot autolinked. The closing quote of the JSON string was swallowed into the link and
percent-encoded, leaving the reader with invalid JSON and
<a>tags inside the<pre>.Returns the output as HTML instead, the way
#viewand#neowiki_valuealready do, and theway
{{#sparql_raw}}was fixed in #1051.isHTMLis the flag that does the work: itstrip-armours the text so the parser leaves it alone.
noparseis already the default for aparser-function return and is included only to match the shape used elsewhere.
The error path gets the same treatment. Unlike the SPARQL side, no Cypher error message
carries the endpoint URL, since
backendUnavailablepasses no params; a URL reaches themessage by being echoed back from the offending query.
Returning an array means changing the
: stringreturn type to: arrayonCypherRawParserFunction::handle()and on thecypher_rawclosure inNeo4jPlugin, whichwould otherwise fatal with a
TypeError.Testing
The existing unit tests could not catch this: they assert on what
handle()returns, whilethe corruption happens afterwards, inside the parser.
CypherRawParserFunctionParsingTestparses wikitext through a real
Parserand asserts on what a reader ends up with, mirroringSparqlRawParserFunctionParsingTest. Verified failing before the fix and passing after.The second commit closes a gap found in review: the unit tests exercised the returned HTML but
never the flags that carry it, so replacing
asHtml()'s return with[ $html ]— dropping bothflags and reintroducing the corruption — left all eight of them green. It adds the two armour
tests the
sparql_rawsibling already has; they now fail against exactly that mutation.