From 9adfccfad1eea9db31a274f92128723a3079842b Mon Sep 17 00:00:00 2001
From: Robin Ward
Date: Thu, 28 Jul 2016 16:11:41 -0400
Subject: [PATCH] FIX: Regression with escaping on badge page In this branch (stable) we can't run the sanitizer because the bundle is not loaded. The long badge description is not sanitized, but it has to be created by an admin so it's extremely low risk. In the beta / tests-passed branches the text is sanitized.
---
 app/assets/javascripts/discourse/components/badge-card.js.es6 | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/app/assets/javascripts/discourse/components/badge-card.js.es6 b/app/assets/javascripts/discourse/components/badge-card.js.es6
index ae61519c29..7366d05ef8 100644
--- a/app/assets/javascripts/discourse/components/badge-card.js.es6
+++ b/app/assets/javascripts/discourse/components/badge-card.js.es6
@@ -36,10 +36,10 @@ export default Ember.Component.extend({
 if (size === 'large') {
 const longDescription = this.get('badge.long_description');
 if (!_.isEmpty(longDescription)) {
- return Discourse.Emoji.unescape(Discourse.Utilities.escapeExpression(longDescription));
+ return Discourse.Emoji.unescape(longDescription);
 }
 }
- return Discourse.Utilities.escapeExpression(this.get('badge.description'));
+ return this.get('badge.description');
 }
 });
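Review bot: Both return paths now hand back raw strings, and the second one (`return this.get('badge.description');`) drops escaping for the short description as well, which the commit message does not cover; it only argues that the long description is admin-authored. If the template renders this value as HTML (the template and the start of the enclosing function are outside the hunk), the only thing keeping stored markup in a badge description out of every viewer's page is the assumption that no lower-privileged path can write either field. That assumption should be written at the code, e.g. `// SECURITY: returned unescaped and unsanitized on stable; both badge description fields must stay admin-only input`, and it is worth confirming that it holds for `badge.description` too, or keeping `escapeExpression` on that path if the short description never needs markup.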