From a0aec4860640df31b5c2e35b3ff6a2f3cf0aee10 Mon Sep 17 00:00:00 2001
From: Sam <sam.saffron@gmail.com>
Date: Wed, 20 Nov 2024 10:54:49 +1100
Subject: [PATCH] FIX: gists are not html safe (#931)

Also allow "Everyone" in ai_hot_topic_gists_allowed_groups
---
 .../discourse/components/ai-topic-gist.gjs    | 25 +++++++++++++------
 lib/guardian_extensions.rb                    |  3 +++
 spec/lib/guardian_extensions_spec.rb          |  8 ++++++
 3 files changed, 28 insertions(+), 8 deletions(-)

diff --git a/assets/javascripts/discourse/components/ai-topic-gist.gjs b/assets/javascripts/discourse/components/ai-topic-gist.gjs
index ac0892b5..53f780f5 100644
--- a/assets/javascripts/discourse/components/ai-topic-gist.gjs
+++ b/assets/javascripts/discourse/components/ai-topic-gist.gjs
@@ -1,7 +1,6 @@
 import Component from "@glimmer/component";
 import { service } from "@ember/service";
 import { htmlSafe } from "@ember/template";
-import { emojiUnescape, sanitize } from "discourse/lib/text";
 
 export default class AiTopicGist extends Component {
   @service gists;
@@ -10,20 +9,30 @@ export default class AiTopicGist extends Component {
     return this.gists.preference === "table-ai" && this.gists.shouldShow;
   }
 
-  get gistOrExcerpt() {
-    const topic = this.args.topic;
-    const gist = topic.get("ai_topic_gist");
-    const excerpt = emojiUnescape(sanitize(topic.get("excerpt")));
+  get hasGist() {
+    return !!this.gist;
+  }
 
-    return gist || excerpt;
+  get gist() {
+    return this.args.topic.get("ai_topic_gist");
+  }
+
+  get escapedExceprt() {
+    return this.args.topic.get("escapedExcerpt");
   }
 
   <template>
     {{#if this.shouldShow}}
-      {{#if this.gistOrExcerpt}}
+      {{#if this.hasGist}}
         <div class="excerpt">
-          <div>{{htmlSafe this.gistOrExcerpt}}</div>
+          <div>{{this.gist}}</div>
         </div>
+      {{else}}
+        {{#if this.esacpedExceprt}}
+          <div class="excerpt">
+            <div>{{htmlSafe this.escapedExceprt}}</div>
+          </div>
+        {{/if}}
       {{/if}}
     {{/if}}
   </template>
diff --git a/lib/guardian_extensions.rb b/lib/guardian_extensions.rb
index b22ddbb4..d1d29352 100644
--- a/lib/guardian_extensions.rb
+++ b/lib/guardian_extensions.rb
@@ -24,6 +24,9 @@ module DiscourseAi
     def can_see_gists?
       return false if !SiteSetting.ai_summarization_enabled
       return false if SiteSetting.ai_summarize_max_hot_topics_gists_per_batch.zero?
+      if SiteSetting.ai_hot_topic_gists_allowed_groups.to_s == Group::AUTO_GROUPS[:everyone].to_s
+        return true
+      end
       return false if anonymous?
       return false if SiteSetting.ai_hot_topic_gists_allowed_groups_map.empty?
 
diff --git a/spec/lib/guardian_extensions_spec.rb b/spec/lib/guardian_extensions_spec.rb
index 1e287be4..e4cfa897 100644
--- a/spec/lib/guardian_extensions_spec.rb
+++ b/spec/lib/guardian_extensions_spec.rb
@@ -89,6 +89,14 @@ describe DiscourseAi::GuardianExtensions do
       end
     end
 
+    context "when setting is set to everyone" do
+      before { SiteSetting.ai_hot_topic_gists_allowed_groups = Group::AUTO_GROUPS[:everyone] }
+
+      it "returns true" do
+        expect(guardian.can_see_gists?).to eq(true)
+      end
+    end
+
     context "when there is a user but it's not a member of the allowed groups" do
       before { SiteSetting.ai_hot_topic_gists_allowed_groups = "" }