Discource-C
/
discourse
mirror of https://github.com/discourse/discourse.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

FIX: do not escape slash for category text description (#20460) 

Original solution to use `description` instead of `text_description` was wrong: https://github.com/discourse/discourse/pull/20436

Problem is that we have to escape HTML tags.

However, we would like to use escape method which is keep `/` intact.   Expected behavior is given by  ERB::Util.html_escape instead of Rack::Utils.escape_html

/t/92015
This commit is contained in:
Krzysztof Kotlarek 2023-02-27 12:48:48 +11:00 committed by GitHub
parent 52d4de7b45
commit d92fd30d23
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
app/assets/javascripts/discourse/app/lib/sidebar/user/categories-section/category-section-link.js
View File

@ -131,7 +131,7 @@ export default class CategorySectionLink {
} }
get title() { get title() {
return this.category.description; return this.category.description_text;
} }
get text() { get text() {

2
app/assets/javascripts/discourse/tests/acceptance/sidebar-user-categories-section-test.js
View File

@ -615,7 +615,7 @@ acceptance("Sidebar - Logged on user - Categories Section", function (needs) {
assert.strictEqual( assert.strictEqual(
query(`.sidebar-section-link[data-category-id="${category.id}"]`).title, query(`.sidebar-section-link[data-category-id="${category.id}"]`).title,
category.description, category.description_text,
"category description without HTML entity is used as the link's title" "category description without HTML entity is used as the link's title"
); );
}); });

2
app/models/category.rb
View File

@ -388,7 +388,7 @@ class Category < ActiveRecord::Base
@@cache_text ||= LruRedux::ThreadSafeCache.new(1000) @@cache_text ||= LruRedux::ThreadSafeCache.new(1000)
@@cache_text.getset(self.description) do @@cache_text.getset(self.description) do
text = Nokogiri::HTML5.fragment(self.description).text.strip text = Nokogiri::HTML5.fragment(self.description).text.strip
Rack::Utils.escape_html(text).html_safe ERB::Util.html_escape(text).html_safe
end end
end end

2
spec/lib/category_badge_spec.rb
View File

@ -18,6 +18,6 @@ RSpec.describe CategoryBadge do
c = Fabricate(:category, description: '<code>\' &lt;b id="x"&gt;</code>') c = Fabricate(:category, description: '<code>\' &lt;b id="x"&gt;</code>')
html = CategoryBadge.html_for(c) html = CategoryBadge.html_for(c)
expect(html).to include("title='&#x27; &lt;b id=&quot;x&quot;&gt;'") expect(html).to include("title='&#39; &lt;b id=&quot;x&quot;&gt;'")
end end
end end

4
spec/models/category_spec.rb
View File

@ -400,8 +400,8 @@ RSpec.describe Category do
it "correctly generates text description as needed" do it "correctly generates text description as needed" do
c = Category.new c = Category.new
expect(c.description_text).to be_nil expect(c.description_text).to be_nil
c.description = "&lt;hello <a>test</a>." c.description = "&lt;hello <a>foo/bar</a>."
expect(c.description_text).to eq("&lt;hello test.") expect(c.description_text).to eq("&lt;hello foo/bar.")
end end
end end