FIX: Regression with escaping on badge page

This commit is contained in:
Robin Ward 2016-07-28 15:53:36 -04:00
parent d9289b6da9
commit efc6408b1d
4 changed files with 18 additions and 11 deletions


@ -1,7 +1,6 @@
import computed from 'ember-addons/ember-computed-decorators'; import computed from 'ember-addons/ember-computed-decorators';
import DiscourseURL from 'discourse/lib/url'; import DiscourseURL from 'discourse/lib/url';
import { emojiUnescape } from 'discourse/lib/text'; import { sanitize, emojiUnescape } from 'discourse/lib/text';
import { escapeExpression } from 'discourse/lib/utilities';
export default Ember.Component.extend({ export default Ember.Component.extend({
size: 'medium', size: 'medium',
@ -40,10 +39,10 @@ export default Ember.Component.extend({
if (size === 'large') { if (size === 'large') {
const longDescription = this.get('badge.long_description'); const longDescription = this.get('badge.long_description');
if (!_.isEmpty(longDescription)) { if (!_.isEmpty(longDescription)) {
return emojiUnescape(escapeExpression(longDescription)); return emojiUnescape(sanitize(longDescription));
} }
} }
return escapeExpression(this.get('badge.description')); return sanitize(this.get('badge.description'));
} }
}); });
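Review bot: `sanitize(this.get('badge.description'))` on the last changed line can receive null — the fixture touched in this same commit has `"description": null` for badge 9 — and while Handlebars' escapeExpression returned an empty string for null, whether the new sanitize helper tolerates a null input is not visible here; a guard such as `return sanitize(this.get('badge.description') || '');` preserves the old behaviour either way. Moving from escaping to whitelist sanitization also changes what this property yields, from escaped text to filtered HTML that presumably is rendered unescaped by the template, and that contract deserves a comment on the property, e.g. `// Returns HTML filtered by the site whitelist, not escaped text; the template must render it as trusted markup.` The same applies to the `emojiUnescape(sanitize(longDescription))` branch. The enclosing computed property starts before this hunk.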


@ -1,17 +1,25 @@
import { default as PrettyText, buildOptions } from 'pretty-text/pretty-text'; import { default as PrettyText, buildOptions } from 'pretty-text/pretty-text';
import { performEmojiUnescape, buildEmojiUrl } from 'pretty-text/emoji'; import { performEmojiUnescape, buildEmojiUrl } from 'pretty-text/emoji';
import WhiteLister from 'pretty-text/white-lister';
import { sanitize as textSanitize } from 'pretty-text/sanitizer';
// Use this to easily create a pretty text instance with proper options function getOpts() {
export function cook(text) {
const siteSettings = Discourse.__container__.lookup('site-settings:main'); const siteSettings = Discourse.__container__.lookup('site-settings:main');
const opts = { return buildOptions({
getURL: Discourse.getURLWithCDN, getURL: Discourse.getURLWithCDN,
currentUser: Discourse.__container__.lookup('current-user:main'), currentUser: Discourse.__container__.lookup('current-user:main'),
siteSettings siteSettings
}; });
}
return new Handlebars.SafeString(new PrettyText(buildOptions(opts)).cook(text)); // Use this to easily create a pretty text instance with proper options
export function cook(text) {
return new Handlebars.SafeString(new PrettyText(getOpts()).cook(text));
}
export function sanitize(text) {
return textSanitize(text, new WhiteLister(getOpts().features));
} }
function emojiOptions() { function emojiOptions() {
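Review bot: The new `sanitize` export carries no documentation and, unlike `cook` a few lines above which wraps its result in `Handlebars.SafeString`, returns a plain string; a caller rendering it with `{{ }}` will escape the already-sanitized markup a second time while `{{{ }}}` trusts it, so the contract should be stated, e.g. `// Strips tags and attributes not allowed by the current site whitelist. Returns raw HTML, not a SafeString.` Each call also constructs a fresh `WhiteLister` via `getOpts()`, which performs two container lookups; if sanitize ends up called once per badge in a list that may be worth hoisting, though that is a style point rather than a defect. Whether the object returned by `buildOptions(...)` exposes a `features` member is not visible in this hunk and should be confirmed.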


@ -12,6 +12,6 @@ test("Visit Badge Pages", () => {
andThen(() => { andThen(() => {
ok(exists('.badge-card'), "has the badge in the listing"); ok(exists('.badge-card'), "has the badge in the listing");
ok(exists('.user-info'), "has the list of users with that badge"); ok(exists('.user-info'), "has the list of users with that badge");
ok(!exists('.badge-card:eq(0) strike')); ok(!exists('.badge-card:eq(0) script'));
}); });
}); });
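Review bot: The changed assertion `ok(!exists('.badge-card:eq(0) script'))` proves only absence and, unlike the two sibling assertions, has no message; it would pass just as well if the long description were dropped from the card entirely. Give it a message and pair it with a presence check, e.g. `ok(!exists('.badge-card:eq(0) script'), "script tags are stripped from the long description");` followed by an assertion that the description element of that card is rendered and non-empty — what text survives depends on whether the sanitizer keeps the content of a stripped tag, which is not visible here. Which badge `:eq(0)` resolves to depends on fixture order and is also not visible in this hunk.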


@ -389,7 +389,7 @@ export default {
"id": 9, "id": 9,
"name": "Autobiographer", "name": "Autobiographer",
"description": null, "description": null,
"long_description": "<strike>hello</strike>", "long_description": "<script>hello</script>",
"grant_count": 545, "grant_count": 545,
"allow_title": false, "allow_title": false,
"multiple_grant": false, "multiple_grant": false,