discourse

Author SHA1 Message Date

Author	SHA1	Message	Date
Jarek Radosz	d407bcab36	FIX: Correctly escape category description text (#8107 ) * FIX: Correctly escape category description text This bug has been introduced in `db14e10943`. * Remove unnecessary `html_safe` `Theme.lookup_field` already returns html-safe strings: `7ad338e3e6/app/models/theme.rb (L237-L242)` * Rename `description` where it's acutally `descriptionText`	2019-10-01 12:04:39 -04:00
Sam Saffron	4ea21fa2d0	DEV: use #frozen_string_literal: true on all spec This change both speeds up specs (less strings to allocate) and helps catch cases where methods in Discourse are mutating inputs. Overall we will be migrating everything to use #frozen_string_literal: true it will take a while, but this is the first and safest move in this direction	2019-04-30 10:27:42 +10:00
Sam	db14e10943	SECURITY: category badges should HTML escape names	2018-06-28 18:15:07 +10:00

Jarek Radosz

d407bcab36

FIX: Correctly escape category description text (#8107 )

* FIX: Correctly escape category description text

This bug has been introduced in db14e10943.

* Remove unnecessary `html_safe`

`Theme.lookup_field` already returns html-safe strings: 7ad338e3e6/app/models/theme.rb (L237-L242)

* Rename `description` where it's acutally `descriptionText`

2019-10-01 12:04:39 -04:00

Sam Saffron

4ea21fa2d0

DEV: use #frozen_string_literal: true on all spec

This change both speeds up specs (less strings to allocate) and helps catch
cases where methods in Discourse are mutating inputs.

Overall we will be migrating everything to use #frozen_string_literal: true
it will take a while, but this is the first and safest move in this direction

2019-04-30 10:27:42 +10:00

Sam db14e10943 SECURITY: category badges should HTML escape names 2018-06-28 18:15:07 +10:00

3 Commits