osr-plastic/osr-discourse-src
Archived
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

FIX: Regression with escaping on badge page

Browse Source
This commit is contained in:
Robin Ward
2016-07-28 15:53:36 -04:00
parent d9289b6da9
commit efc6408b1d
4 changed files with 18 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files
app/assets/javascripts/discourse/components/badge-card.js.es6
+3 -4
View File
@@ -1,7 +1,6 @@
import computed from 'ember-addons/ember-computed-decorators';
import DiscourseURL from 'discourse/lib/url';
import { emojiUnescape } from 'discourse/lib/text';
import { escapeExpression } from 'discourse/lib/utilities';
import { sanitize, emojiUnescape } from 'discourse/lib/text';
export default Ember.Component.extend({
size: 'medium',
@@ -40,10 +39,10 @@ export default Ember.Component.extend({
if (size === 'large') {
const longDescription = this.get('badge.long_description');
if (!_.isEmpty(longDescription)) {
return emojiUnescape(escapeExpression(longDescription));
return emojiUnescape(sanitize(longDescription));
}
}
return escapeExpression(this.get('badge.description'));
return sanitize(this.get('badge.description'));
}
});
app/assets/javascripts/discourse/lib/text.js.es6
+13 -5
View File
@@ -1,17 +1,25 @@
import { default as PrettyText, buildOptions } from 'pretty-text/pretty-text';
import { performEmojiUnescape, buildEmojiUrl } from 'pretty-text/emoji';
import WhiteLister from 'pretty-text/white-lister';
import { sanitize as textSanitize } from 'pretty-text/sanitizer';
// Use this to easily create a pretty text instance with proper options
export function cook(text) {
function getOpts() {
const siteSettings = Discourse.__container__.lookup('site-settings:main');
const opts = {
return buildOptions({
getURL: Discourse.getURLWithCDN,
currentUser: Discourse.__container__.lookup('current-user:main'),
siteSettings
};
});
}
return new Handlebars.SafeString(new PrettyText(buildOptions(opts)).cook(text));
// Use this to easily create a pretty text instance with proper options
export function cook(text) {
return new Handlebars.SafeString(new PrettyText(getOpts()).cook(text));
}
export function sanitize(text) {
return textSanitize(text, new WhiteLister(getOpts().features));
}
function emojiOptions() {