osr-plastic/osr-discourse-src
Archived
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
This repository has been archived on 2023-03-18. You can view files and clone it, but cannot push or open issues or pull requests.
dev/simplify-chat-notifier
osr-discourse-src/plugins/chat/assets/javascripts/discourse/components/chat-channel-about-view.hbs
Blake Erickson a373bf2a01 SECURITY: XSS on chat excerpts 
Non-markdown tags weren't being escaped in chat excerpts. This could be
triggered by editing a chat message containing a tag (self XSS), or by
replying to a chat message with a tag (XSS).

Co-authored-by: Jan Cernik <jancernik12@gmail.com>
2023-03-16 15:27:09 -06:00

93 lines
2.7 KiB
Handlebars
Raw Permalink Blame History

{{#if this.channel.isCategoryChannel}}
<div class="chat-form__section">
<div class="chat-form__field">
<label class="chat-form__label">
{{i18n "chat.about_view.associated_category"}}
</label>
<div class="chat-form__control">
{{category-badge
this.channel.chatable
link=true
allowUncategorized=true
}}
</div>
</div>
</div>
{{/if}}
<div class="chat-form__section">
<div class="chat-form__field">
<label class="chat-form__label">
<span>{{i18n "chat.about_view.name"}}</span>
{{#if (chat-guardian "can-edit-chat-channel")}}
<div class="chat-form__label-actions">
<DButton
@class="edit-name-slug-btn btn-flat"
@label="chat.channel_settings.edit"
@action={{if this.onEditChatChannelName this.onEditChatChannelName}}
/>
</div>
{{/if}}
</label>
<div class="chat-form__control">
<div class="channel-info-about-view__name">
{{replace-emoji this.channel.title}}
</div>
<div class="channel-info-about-view__slug">
{{this.channel.slug}}
</div>
</div>
</div>
</div>
{{#if
(or (chat-guardian "can-edit-chat-channel") this.channel.description.length)
}}
<div class="chat-form__section">
<div class="chat-form__field">
<label class="chat-form__label">
<span>{{i18n "chat.about_view.description"}}</span>
{{#if (chat-guardian "can-edit-chat-channel")}}
<div class="chat-form__label-actions">
<DButton
@class="edit-description-btn btn-flat"
@label={{if
this.channel.description.length
"chat.channel_settings.edit"
"chat.channel_settings.add"
}}
@action={{if
this.onEditChatChannelDescription
this.onEditChatChannelDescription
}}
/>
</div>
{{/if}}
</label>
<div class="chat-form__control">
<div class="channel-info-about-view__description">
{{#if this.channel.description.length}}
{{this.channel.description}}
{{else}}
<div class="channel-info-about-view__description__helper-text">
{{i18n "chat.channel_edit_description_modal.description"}}
</div>
{{/if}}
</div>
</div>
</div>
</div>
{{/if}}
<div class="chat-form__section">
<ToggleChannelMembershipButton
@channel={{this.channel}}
@options={{hash
joinClass="btn-primary"
leaveClass="btn-flat"
joinIcon="sign-in-alt"
leaveIcon="sign-out-alt"
}}
/>
</div>
Reference in New Issue View Git Blame Copy Permalink