Discource-C
/
discourse
mirror of https://github.com/discourse/discourse.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

DEV: Escape html and emojis in search menu topic result type titles (#22166) 

# Before
<img width="419" alt="Screenshot 2023-06-16 at 3 23 49 PM" src="https://github.com/discourse/discourse/assets/50783505/557e0657-afc8-4608-b025-d9896fd9a8c9">

# After
<img width="433" alt="Screenshot 2023-06-16 at 3 21 41 PM" src="https://github.com/discourse/discourse/assets/50783505/1df71b3b-479b-4163-8a7c-5bb434102a55">
This commit is contained in:
Isaac Janzen 2023-06-16 15:56:41 -05:00 committed by GitHub
parent 93e5272223
commit afa6c0a9a4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 32 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
app/assets/javascripts/discourse/app/components/search-menu/highlighted-search.hbs
View File

@ -1 +1 @@
{{this.content}} {{html-safe @string}}

1
app/assets/javascripts/discourse/app/components/search-menu/highlighted-search.js
View File

@ -9,7 +9,6 @@ export default class HighlightedSearch extends Component {
super(...arguments); super(...arguments);
const span = document.createElement("span"); const span = document.createElement("span");
span.textContent = this.args.string; span.textContent = this.args.string;
this.content = span;
highlightSearch(span, this.search.activeGlobalSearchTerm); highlightSearch(span, this.search.activeGlobalSearchTerm);
} }

28
app/assets/javascripts/discourse/tests/acceptance/glimmer-search-test.js
View File

@ -134,6 +134,34 @@ acceptance("Search - Glimmer - Anonymous", function (needs) {
); );
}); });
test("Topic type search result escapes html in topic title", async function (assert) {
await visit("/");
await click("#search-button");
await fillIn("#search-term", "dev");
await triggerKeyEvent("#search-term", "keyup", "Enter");
assert.ok(
exists(
".search-menu .search-result-topic .item .topic-title span#topic-with-html"
),
"html in the topic title is properly escaped"
);
});
test("Topic type search result escapes emojis in topic title", async function (assert) {
await visit("/");
await click("#search-button");
await fillIn("#search-term", "dev");
await triggerKeyEvent("#search-term", "keyup", "Enter");
assert.ok(
exists(
".search-menu .search-result-topic .item .topic-title img[alt='+1']"
),
":+1: in the topic title is properly converted to an emoji"
);
});
test("search button toggles search menu", async function (assert) { test("search button toggles search menu", async function (assert) {
await visit("/"); await visit("/");

6
app/assets/javascripts/discourse/tests/fixtures/search-fixtures.js vendored
View File

@ -643,9 +643,9 @@ export default {
}, },
{ {
id: 2507, id: 2507,
title: "Getting dev instance to send email?", title: "Topic with html in title",
fancy_title: "Getting dev instance to send email?", fancy_title: "<span id='topic-with-html'>Topic with html in title :+1:</span>",
slug: "getting-dev-instance-to-send-email", slug: "topic-with-html-in-title",
posts_count: 19, posts_count: 19,
reply_count: 13, reply_count: 13,
highest_post_number: 21, highest_post_number: 21,