Discource-C/discourse-placeholder-theme-component
1
0
Fork 0
mirror of https://github.com/discourse/discourse-placeholder-theme-component.git synced 2025-02-10 13:34:51 +00:00
Code Issues Packages Projects Releases Wiki Activity
62 Commits 2 Branches 0 Tags
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
David Taylor 948634fe31
SECURITY: Apply transformations to text nodes only 
Previously, the replacement system would modify raw HTML, which is prone to issues and vulnerabilities. With this commit, we iterate over text nodes only, and do simple string replacements on their content. That means that the user input never gets passed into an HTML parser, and there is no chance of injection attacks.

The re-rendering system is also simplified to store the original value for re-use later, instead of mapping position/length of replacements.

This does mean the behavior is changed slightly. Replacements will no longer be applied to html attributes (e.g `a[href]`). If this affects your use-case, please let us know [on Meta](https://meta.discourse.org/t/113533).

This is a followup to the fix in a62f711d5600e4e5d86f342d52932cb6221672e7
2024-08-29 10:15:53 +01:00
.github/workflows
DEV: Update CI workflows (#18)
2023-01-10 19:30:47 +00:00
common
DEV: Use the new modal api (#26)
2023-12-05 23:15:32 +01:00
javascripts/discourse
SECURITY: Apply transformations to text nodes only
2024-08-29 10:15:53 +01:00
locales
Update translations (#37)
2024-08-20 17:54:48 +02:00
mobile
removes links and clear placeholders for now
2020-04-22 12:41:42 +02:00
test/acceptance
DEV: Update linting (#28)
2024-03-27 18:55:28 +01:00
.discourse-compatibility
DEV: Pin theme for Discourse < 3.4.0.beta1-dev (#35)
2024-08-02 17:47:11 +08:00
.eslintrc.cjs
DEV: Update linting (#28)
2024-03-27 18:55:28 +01:00
.gitignore
DEV: Add CI setup and fix linting issues (#9)
2022-06-18 21:27:31 +02:00
.prettierrc.cjs
DEV: Update linting (#28)
2024-03-27 18:55:28 +01:00
.template-lintrc.cjs
DEV: Update linting (#28)
2024-03-27 18:55:28 +01:00
about.json
Update about.json (#29)
2024-06-09 10:09:13 +01:00
LICENSE
init
2019-05-14 11:18:12 +02:00
package.json
DEV: Update linting (#28)
2024-03-27 18:55:28 +01:00
README.md
plugin-> theme component (#20)
2023-02-04 15:57:50 +01:00
translator.yml
DEV: Add Crowdin support (#30)
2024-06-11 13:37:43 +02:00
yarn.lock
Build(deps): bump braces from 3.0.2 to 3.0.3 (#33)
2024-06-20 11:33:33 +02:00

README.md

discourse-placeholder-theme-component

https://meta.discourse.org/t/discourse-placeholder-theme-component/113533

Usage

[wrap=placeholder key=NAME][/wrap]
[wrap=placeholder key=COUNTRY default=FR][/wrap]
[wrap=placeholder key=SECRET description="Used to open the bank"][/wrap]

I'm =NAME=, I come from =COUNTRY= let me tell you my secret: =SECRET==

Feedback

If you have issues or suggestions for the theme component, please bring them up on Discourse Meta.

Description
No description provided
Readme MIT 883 KiB
Languages
JavaScript 66.9%
Ruby 12.7%
Handlebars 10.3%
SCSS 10.1%