osr-plastic/osr-discourse-src
Archived
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Don't trust topic title in template until it has been sanitized by the server

Browse Source
This commit is contained in:
Neil Lalonde
2013-08-19 14:19:59 -04:00
parent 7eaedb84e1
commit 3cc8354fe2
2 changed files with 12 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
app/assets/javascripts/discourse/controllers/topic_controller.js
+5 -1
View File
@@ -141,6 +141,9 @@ Discourse.TopicController = Discourse.ObjectController.extend(Discourse.Selected
var topic = this.get('model');
// Topic title hasn't been sanitized yet, so the template shouldn't trust it.
this.set('topicSaving', true);
// manually update the titles & category
topic.setProperties({
title: this.get('newTitle'),
@@ -157,9 +160,10 @@ Discourse.TopicController = Discourse.ObjectController.extend(Discourse.Selected
title: title,
fancy_title: fancy_title
});
topicController.set('topicSaving', false);
}, function(error) {
topicController.set('editingTopic', true);
topicController.set('topicSaving', false);
if (error && error.responseText) {
bootbox.alert($.parseJSON(error.responseText).errors[0]);
} else {