DEV: Mark inline styles as safe (#17093)

Fixes many Ember deprecation warnings like:

```
WARNING: Binding style attributes may introduce cross-site scripting vulnerabilities; please ensure that values being bound are properly escaped. For more information, including how to disable this warning, see https://emberjs.com/deprecations/v1.x/#toc_binding-style-attributes. Style affected: "border-color: #33B0B0; --category-color: #33B0B0;"
```
Jarek Radosz 2022-06-15 01:31:21 +02:00 committed by GitHub
parent d7886e4d18
commit 39f45c701c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 17 additions and 3 deletions


@ -1,5 +1,5 @@
{{#each categories as |c|}} {{#each categories as |c|}}
<div data-notification-level={{c.notificationLevelString}} style={{unless noCategoryStyle (concat (border-color c.color) (category-color-variable c.color))}} class="category category-box category-box-{{c.slug}} {{if c.isMuted "muted"}} {{if noCategoryStyle "no-category-boxes-style"}}"> <div data-notification-level={{c.notificationLevelString}} style={{unless noCategoryStyle (html-safe (concat (border-color c.color) (category-color-variable c.color)))}} class="category category-box category-box-{{c.slug}} {{if c.isMuted "muted"}} {{if noCategoryStyle "no-category-boxes-style"}}">
<div class="category-box-inner"> <div class="category-box-inner">
<div class="category-box-heading"> <div class="category-box-heading">
<a href={{c.url}}> <a href={{c.url}}>
@ -14,6 +14,7 @@
}} }}
{{/if}} {{/if}}
{{/unless}} {{/unless}}
<h3> <h3>
{{category-title-before category=c}} {{category-title-before category=c}}
{{#if c.read_restricted}} {{#if c.read_restricted}}
@ -35,6 +36,7 @@
{{/if}} {{/if}}
</div> </div>
{{/unless}} {{/unless}}
{{plugin-outlet name="category-box-below-each-category" args=(hash category=c)}} {{plugin-outlet name="category-box-below-each-category" args=(hash category=c)}}
</div> </div>
</div> </div>
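Review bot: Wrapping the `concat` result in `html-safe` on the category-box `<div>` silences Ember's style-binding warning by asserting the whole string is trusted. The safety of `c.color` therefore rests entirely on what `border-color` and `category-color-variable` emit, and neither helper is visible in this diff. Confirm that the color is restricted to hex digits before it reaches the template, in the helpers or in the category model, and put any missing validation there rather than in the view. A short template comment would record the assumption, for example `{{!-- html-safe is sound only while c.color is validated as a hex color upstream --}}`. The same wrap is applied in the first hunk of the other two templates on this page, so the same check covers `category.color` there.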


@ -1,6 +1,7 @@
{{#each categories as |c|}} {{#each categories as |c|}}
{{plugin-outlet name="category-box-before-each-box" args=(hash category=c)}} {{plugin-outlet name="category-box-before-each-box" args=(hash category=c)}}
<div style={{unless noCategoryStyle (concat (border-color c.color) (category-color-variable c.color))}} data-category-id={{c.id}} data-notification-level={{c.notificationLevelString}} data-url={{c.url}} class="category category-box category-box-{{c.slug}} {{if c.isMuted "muted"}} {{if noCategoryStyle "no-category-boxes-style"}}">
<div style={{unless noCategoryStyle (html-safe (concat (border-color c.color) (category-color-variable c.color)))}} data-category-id={{c.id}} data-notification-level={{c.notificationLevelString}} data-url={{c.url}} class="category category-box category-box-{{c.slug}} {{if c.isMuted "muted"}} {{if noCategoryStyle "no-category-boxes-style"}}">
<div class="category-box-inner"> <div class="category-box-inner">
{{#unless c.isMuted}} {{#unless c.isMuted}}
<div class="category-logo"> <div class="category-logo">
@ -15,6 +16,7 @@
{{/if}} {{/if}}
</div> </div>
{{/unless}} {{/unless}}
<div class="category-details"> <div class="category-details">
<div class="category-box-heading"> <div class="category-box-heading">
<a class="parent-box-link" href={{c.url}}> <a class="parent-box-link" href={{c.url}}>
@ -32,6 +34,7 @@
<div class="description"> <div class="description">
{{html-safe c.description_excerpt}} {{html-safe c.description_excerpt}}
</div> </div>
{{#if c.isGrandParent}} {{#if c.isGrandParent}}
{{#each c.subcategories as |subcategory|}} {{#each c.subcategories as |subcategory|}}
<div data-category-id={{subcategory.id}} data-notification-level={{subcategory.notificationLevelString}} style={{border-color subcategory.color}} class="subcategory with-subcategories {{if subcategory.uploaded_logo.url "has-logo" "no-logo"}}"> <div data-category-id={{subcategory.id}} data-notification-level={{subcategory.notificationLevelString}} style={{border-color subcategory.color}} class="subcategory with-subcategories {{if subcategory.uploaded_logo.url "has-logo" "no-logo"}}">
@ -64,6 +67,7 @@
height=sc.uploaded_logo.height height=sc.uploaded_logo.height
alt=""}} alt=""}}
</span> </span>
{{category-link sc hideParent="true"}} {{category-link sc hideParent="true"}}
</a> </a>
{{/each}} {{/each}}
@ -71,9 +75,12 @@
{{/if}} {{/if}}
{{/unless}} {{/unless}}
</div> </div>
{{plugin-outlet name="category-box-below-each-category" args=(hash category=c)}} {{plugin-outlet name="category-box-below-each-category" args=(hash category=c)}}
</div> </div>
</div> </div>
{{plugin-outlet name="category-box-after-each-box" args=(hash category=c)}} {{plugin-outlet name="category-box-after-each-box" args=(hash category=c)}}
{{/each}} {{/each}}
{{plugin-outlet name="category-boxes-after-boxes" args=(hash category=c)}} {{plugin-outlet name="category-boxes-after-boxes" args=(hash category=c)}}
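Review bot: The subcategory `<div>` in the `-32,6 +34,7` hunk still binds `style={{border-color subcategory.color}}` without `html-safe`, while the parent box a few hunks earlier is now wrapped. That is consistent only if `border-color` already returns a safe string and it was `concat` that dropped the marking. The helper is not shown here, so this is an inference. If it holds, the trust decision for `subcategory.color` is made inside the helper, and a one-line comment there stating which input it accepts would let both call sites be reviewed against the same rule.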


@ -1,14 +1,17 @@
{{#unless isHidden}} {{#unless isHidden}}
{{plugin-outlet name="category-list-above-each-category" args=(hash category=category)}} {{plugin-outlet name="category-list-above-each-category" args=(hash category=category)}}
<tr data-category-id={{category.id}} data-notification-level={{category.notificationLevelString}} class="{{if category.description_excerpt "has-description" "no-description"}} {{if category.uploaded_logo.url "has-logo" "no-logo"}}"> <tr data-category-id={{category.id}} data-notification-level={{category.notificationLevelString}} class="{{if category.description_excerpt "has-description" "no-description"}} {{if category.uploaded_logo.url "has-logo" "no-logo"}}">
<td class="category {{if isMuted "muted"}} {{if noCategoryStyle "no-category-style"}}" style={{unless noCategoryStyle (concat (border-color category.color) (category-color-variable category.color))}}> <td class="category {{if isMuted "muted"}} {{if noCategoryStyle "no-category-style"}}" style={{unless noCategoryStyle (html-safe (concat (border-color category.color) (category-color-variable category.color)))}}>
{{category-title-link category=category}} {{category-title-link category=category}}
{{plugin-outlet name="below-category-title-link" connectorTagName="div" args=(hash category=category)}} {{plugin-outlet name="below-category-title-link" connectorTagName="div" args=(hash category=category)}}
{{#if category.description_excerpt}} {{#if category.description_excerpt}}
<div class="category-description"> <div class="category-description">
{{dir-span category.description_excerpt htmlSafe="true"}} {{dir-span category.description_excerpt htmlSafe="true"}}
</div> </div>
{{/if}} {{/if}}
{{#if category.isGrandParent}} {{#if category.isGrandParent}}
<table class="category-list subcategories-with-subcategories"> <table class="category-list subcategories-with-subcategories">
<tbody> <tbody>
@ -25,10 +28,12 @@
</div> </div>
{{/if}} {{/if}}
</td> </td>
<td class="topics"> <td class="topics">
<div title={{category.statTitle}}>{{html-safe category.stat}}</div> <div title={{category.statTitle}}>{{html-safe category.stat}}</div>
{{category-unread category=category tagName="div" class="unread-new"}} {{category-unread category=category tagName="div" class="unread-new"}}
</td> </td>
{{#unless isMuted}} {{#unless isMuted}}
{{#if showTopics}} {{#if showTopics}}
<td class="latest"> <td class="latest">