Discource-C
/
discourse
mirror of https://github.com/discourse/discourse.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

FIX: Sanitize tags before creation

This commit is contained in:
David Taylor 2018-10-19 15:43:31 +01:00
parent 597d4863d6
commit 37b7afa522
4 changed files with 21 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
app/assets/javascripts/select-kit/components/mini-tag-chooser.js.es6
View File

@ -214,28 +214,6 @@ export default ComboBox.extend(TagsMixin, {
this.destroyTags(tags); this.destroyTags(tags);
}, },
_sanitizeContent(content, property) {
switch (typeof content) {
case "string":
// See lib/discourse_tagging#clean_tag.
return content
.trim()
.replace(/\s+/, "-")
.replace(/[\/\?#\[\]@!\$&'\(\)\*\+,;=\.%\\`^\s|\{\}"<>]+/, "")
.substring(0, this.siteSettings.max_tag_length);
default:
return get(content, this.get(property));
}
},
valueForContentItem(content) {
return this._sanitizeContent(content, "valueAttribute");
},
_nameForContent(content) {
return this._sanitizeContent(content, "nameProperty");
},
actions: { actions: {
onSelect(tag) { onSelect(tag) {
this.set("tags", makeArray(this.get("tags")).concat(tag)); this.set("tags", makeArray(this.get("tags")).concat(tag));

15
app/assets/javascripts/select-kit/mixins/tags.js.es6
View File

@ -68,5 +68,20 @@ export default Ember.Mixin.create({
} }
return true; return true;
},
createContentFromInput(input) {
// See lib/discourse_tagging#clean_tag.
var content = input
.trim()
.replace(/\s+/g, "-")
.replace(/[\/\?#\[\]@!\$&'\(\)\*\+,;=\.%\\`^\s|\{\}"<>]+/g, "")
.substring(0, this.siteSettings.max_tag_length);
if (this.siteSettings.force_lowercase_tags) {
content = content.toLowerCase();
}
return content;
} }
}); });

3
config/site_settings.yml
View File

@ -1801,4 +1801,5 @@ tags:
remove_muted_tags_from_latest: remove_muted_tags_from_latest:
default: false default: false
force_lowercase_tags: force_lowercase_tags:
default: true default: true
client: true

7
test/javascripts/components/mini-tag-chooser-test.js.es6
View File

@ -12,6 +12,7 @@ componentTest("default", {
beforeEach() { beforeEach() {
this.siteSettings.max_tag_length = 24; this.siteSettings.max_tag_length = 24;
this.siteSettings.force_lowercase_tags = true;
this.site.set("can_create_tag", true); this.site.set("can_create_tag", true);
this.set("tags", ["jeff", "neil", "arpit"]); this.set("tags", ["jeff", "neil", "arpit"]);
@ -85,11 +86,11 @@ componentTest("default", {
); );
await this.get("subject").expand(); await this.get("subject").expand();
await this.get("subject").fillInFilter("invalid'tag"); await this.get("subject").fillInFilter("invalid' Tag");
await this.get("subject").keyboard("enter"); await this.get("subject").keyboard("enter");
assert.deepEqual( assert.deepEqual(
this.get("tags"), this.get("tags"),
["jeff", "neil", "arpit", "régis", "joffrey", "invalidtag"], ["jeff", "neil", "arpit", "régis", "joffrey", "invalid-tag"],
"it strips invalid characters in tag" "it strips invalid characters in tag"
); );
@ -98,7 +99,7 @@ componentTest("default", {
await this.get("subject").keyboard("enter"); await this.get("subject").keyboard("enter");
assert.deepEqual( assert.deepEqual(
this.get("tags"), this.get("tags"),
["jeff", "neil", "arpit", "régis", "joffrey", "invalidtag"], ["jeff", "neil", "arpit", "régis", "joffrey", "invalid-tag"],
"it does not allow creating long tags" "it does not allow creating long tags"
); );