Don't trust topic title in template until it has been sanitized by the server
This commit is contained in:
parent
7eaedb84e1
commit
3cc8354fe2
|
@ -141,6 +141,9 @@ Discourse.TopicController = Discourse.ObjectController.extend(Discourse.Selected
|
||||||
|
|
||||||
var topic = this.get('model');
|
var topic = this.get('model');
|
||||||
|
|
||||||
|
// Topic title hasn't been sanitized yet, so the template shouldn't trust it.
|
||||||
|
this.set('topicSaving', true);
|
||||||
|
|
||||||
// manually update the titles & category
|
// manually update the titles & category
|
||||||
topic.setProperties({
|
topic.setProperties({
|
||||||
title: this.get('newTitle'),
|
title: this.get('newTitle'),
|
||||||
|
@ -157,9 +160,10 @@ Discourse.TopicController = Discourse.ObjectController.extend(Discourse.Selected
|
||||||
title: title,
|
title: title,
|
||||||
fancy_title: fancy_title
|
fancy_title: fancy_title
|
||||||
});
|
});
|
||||||
|
topicController.set('topicSaving', false);
|
||||||
}, function(error) {
|
}, function(error) {
|
||||||
topicController.set('editingTopic', true);
|
topicController.set('editingTopic', true);
|
||||||
|
topicController.set('topicSaving', false);
|
||||||
if (error && error.responseText) {
|
if (error && error.responseText) {
|
||||||
bootbox.alert($.parseJSON(error.responseText).errors[0]);
|
bootbox.alert($.parseJSON(error.responseText).errors[0]);
|
||||||
} else {
|
} else {
|
||||||
|
|
|
@ -19,7 +19,13 @@
|
||||||
<h1>
|
<h1>
|
||||||
{{#if details.loaded}}
|
{{#if details.loaded}}
|
||||||
{{topicStatus topic=model}}
|
{{topicStatus topic=model}}
|
||||||
<a href='{{unbound url}}'>{{{fancy_title}}}</a>
|
<a href='{{unbound url}}'>
|
||||||
|
{{#if topicSaving}}
|
||||||
|
{{fancy_title}}
|
||||||
|
{{else}}
|
||||||
|
{{{fancy_title}}}
|
||||||
|
{{/if}}
|
||||||
|
</a>
|
||||||
{{/if}}
|
{{/if}}
|
||||||
{{boundCategoryLink category}}
|
{{boundCategoryLink category}}
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue