Don't trust topic title in template until it has been sanitized by the server

This commit is contained in:
Neil Lalonde 2013-08-19 14:19:59 -04:00
parent 7eaedb84e1
commit 3cc8354fe2
2 changed files with 12 additions and 2 deletions

View File

@ -141,6 +141,9 @@ Discourse.TopicController = Discourse.ObjectController.extend(Discourse.Selected
var topic = this.get('model'); var topic = this.get('model');
// Topic title hasn't been sanitized yet, so the template shouldn't trust it.
this.set('topicSaving', true);
// manually update the titles & category // manually update the titles & category
topic.setProperties({ topic.setProperties({
title: this.get('newTitle'), title: this.get('newTitle'),
@ -157,9 +160,10 @@ Discourse.TopicController = Discourse.ObjectController.extend(Discourse.Selected
title: title, title: title,
fancy_title: fancy_title fancy_title: fancy_title
}); });
topicController.set('topicSaving', false);
}, function(error) { }, function(error) {
topicController.set('editingTopic', true); topicController.set('editingTopic', true);
topicController.set('topicSaving', false);
if (error && error.responseText) { if (error && error.responseText) {
bootbox.alert($.parseJSON(error.responseText).errors[0]); bootbox.alert($.parseJSON(error.responseText).errors[0]);
} else { } else {

View File

@ -19,7 +19,13 @@
<h1> <h1>
{{#if details.loaded}} {{#if details.loaded}}
{{topicStatus topic=model}} {{topicStatus topic=model}}
<a href='{{unbound url}}'>{{{fancy_title}}}</a> <a href='{{unbound url}}'>
{{#if topicSaving}}
{{fancy_title}}
{{else}}
{{{fancy_title}}}
{{/if}}
</a>
{{/if}} {{/if}}
{{boundCategoryLink category}} {{boundCategoryLink category}}