FIX: Regression with escaping on badge page
parent
d9289b6da9
commit
efc6408b1d
4 changed files with 18 additions and 11 deletions
|
@ -1,7 +1,6 @@
|
||||||
import computed from 'ember-addons/ember-computed-decorators';
|
import computed from 'ember-addons/ember-computed-decorators';
|
||||||
import DiscourseURL from 'discourse/lib/url';
|
import DiscourseURL from 'discourse/lib/url';
|
||||||
import { emojiUnescape } from 'discourse/lib/text';
|
import { sanitize, emojiUnescape } from 'discourse/lib/text';
|
||||||
import { escapeExpression } from 'discourse/lib/utilities';
|
|
||||||
|
|
||||||
export default Ember.Component.extend({
|
export default Ember.Component.extend({
|
||||||
size: 'medium',
|
size: 'medium',
|
||||||
|
@ -40,10 +39,10 @@ export default Ember.Component.extend({
|
||||||
if (size === 'large') {
|
if (size === 'large') {
|
||||||
const longDescription = this.get('badge.long_description');
|
const longDescription = this.get('badge.long_description');
|
||||||
if (!_.isEmpty(longDescription)) {
|
if (!_.isEmpty(longDescription)) {
|
||||||
return emojiUnescape(escapeExpression(longDescription));
|
return emojiUnescape(sanitize(longDescription));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return escapeExpression(this.get('badge.description'));
|
return sanitize(this.get('badge.description'));
|
||||||
}
|
}
|
||||||
|
|
||||||
});
|
});
|
||||||
|
|
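Review bot: The fallback `return sanitize(this.get('badge.description'));` can receive null (the fixture for badge id 9 in this commit has `"description": null`), and whether the sanitizer accepts a null argument is not visible on this page. A guard such as `return sanitize(this.get('badge.description') || '');` would make the empty case explicit. Because the value is now whitelisted HTML rather than escaped text, a comment above the two returns would help the next reader, e.g. `// Badge descriptions may carry HTML; pass them through the whitelist sanitizer, never emit them raw.` The computed property containing these lines starts outside the hunk.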
|
@ -1,17 +1,25 @@
|
||||||
import { default as PrettyText, buildOptions } from 'pretty-text/pretty-text';
|
import { default as PrettyText, buildOptions } from 'pretty-text/pretty-text';
|
||||||
import { performEmojiUnescape, buildEmojiUrl } from 'pretty-text/emoji';
|
import { performEmojiUnescape, buildEmojiUrl } from 'pretty-text/emoji';
|
||||||
|
import WhiteLister from 'pretty-text/white-lister';
|
||||||
|
import { sanitize as textSanitize } from 'pretty-text/sanitizer';
|
||||||
|
|
||||||
// Use this to easily create a pretty text instance with proper options
|
function getOpts() {
|
||||||
export function cook(text) {
|
|
||||||
const siteSettings = Discourse.__container__.lookup('site-settings:main');
|
const siteSettings = Discourse.__container__.lookup('site-settings:main');
|
||||||
|
|
||||||
const opts = {
|
return buildOptions({
|
||||||
getURL: Discourse.getURLWithCDN,
|
getURL: Discourse.getURLWithCDN,
|
||||||
currentUser: Discourse.__container__.lookup('current-user:main'),
|
currentUser: Discourse.__container__.lookup('current-user:main'),
|
||||||
siteSettings
|
siteSettings
|
||||||
};
|
});
|
||||||
|
}
|
||||||
|
|
||||||
return new Handlebars.SafeString(new PrettyText(buildOptions(opts)).cook(text));
|
// Use this to easily create a pretty text instance with proper options
|
||||||
|
export function cook(text) {
|
||||||
|
return new Handlebars.SafeString(new PrettyText(getOpts()).cook(text));
|
||||||
|
}
|
||||||
|
|
||||||
|
export function sanitize(text) {
|
||||||
|
return textSanitize(text, new WhiteLister(getOpts().features));
|
||||||
}
|
}
|
||||||
|
|
||||||
function emojiOptions() {
|
function emojiOptions() {
|
||||||
|
|
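Review bot: The new exported `sanitize(text)` has no comment describing its contract, and unlike `cook` it does not wrap its result in `Handlebars.SafeString`, so each caller decides how the output reaches the DOM. A short comment would pin that down, e.g. `// Returns text with any markup outside the pretty-text whitelist removed; the result is not a SafeString.` The whitelist comes from `getOpts().features`, so what is allowed presumably follows the site's post-cooking features; that is worth stating too, since badge descriptions then inherit any tag enabled there. `getOpts()` and `new WhiteLister(...)` are also rebuilt on every call, which may be worth caching if this is used when rendering lists.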
|
@ -12,6 +12,6 @@ test("Visit Badge Pages", () => {
|
||||||
andThen(() => {
|
andThen(() => {
|
||||||
ok(exists('.badge-card'), "has the badge in the listing");
|
ok(exists('.badge-card'), "has the badge in the listing");
|
||||||
ok(exists('.user-info'), "has the list of users with that badge");
|
ok(exists('.user-info'), "has the list of users with that badge");
|
||||||
ok(!exists('.badge-card:eq(0) strike'));
|
ok(!exists('.badge-card:eq(0) script'));
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
|
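Review bot: The updated assertion `ok(!exists('.badge-card:eq(0) script'));` only proves that disallowed markup is dropped; nothing checks that permitted markup in a badge description still renders, which is the regression the commit title refers to. Consider giving one fixture badge a `long_description` that mixes a tag the whitelist permits with a disallowed one, and asserting both that the permitted element exists inside `.badge-card` and that the `script` element does not. Adding a message string to the `ok(...)` call, as the two assertions above it have, would also make a failure easier to read.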
|
@ -389,7 +389,7 @@ export default {
|
||||||
"id": 9,
|
"id": 9,
|
||||||
"name": "Autobiographer",
|
"name": "Autobiographer",
|
||||||
"description": null,
|
"description": null,
|
||||||
"long_description": "<strike>hello</strike>",
|
"long_description": "<script>hello</script>",
|
||||||
"grant_count": 545,
|
"grant_count": 545,
|
||||||
"allow_title": false,
|
"allow_title": false,
|
||||||
"multiple_grant": false,
|
"multiple_grant": false,
|
||||||
|
|