Consistently import escape from discourse-common (#23790)

`escape` from `pretty-text/sanitizer` is a re-export of the same
function defined in `discourse-common`. Updating the import paths
across the codebase to use the `discourse-common` import path.

`escape` is a rather simple function that can be accomplished with
a regular expression in `discourse-common`.

On the other hand, the remaining parts in `pretty-text/sanitizer`
have a lot of code, PLUS they depend on the rather heavy "xss" NPM
library.

Currently, most of the consumers of `pretty-text/sanitizer` are of
the `{ escape }` variant. This is resolved by this PR.

The remaining usages are either:

1. via/through `PrettyText` which is essentially gated behind
   loading the markdown-it bundle, OR

2. via `sanitize` from `discourse/lib/text`

I believe we may ultimately be able to move all the usages to behind
the markdown-it bundle (or, equivilantly, set up another lazy bundle
for `sanitize`) and be able to shed the sanitization code and the
"xss" library from the initial page load.

`discourse/lib/text` also defines a `sanitizeAsync` which is gated
behind loading the markdown-it bundle.

Looking through the usages of `sanitize`, I believe most of these
can be safely switched to use `sanitizeAsync`, in that they are
already in an asynchrnous path that handles a server response. Most
of them are actually rendering a piece of server-generated HTML
message as flash message, so I am not sure there really is value in
sanitizing (we should be able to trust our own server?), but in any
case, code-wise, they should already be able to absorb the async
just fine.

I am not sure if `sanitize` and `sanitizeAsync` are actually API
compatible – they both take `options` but I think those `options` do
pretty different things. This is somethign for another person to
investigate down the road in another PR.

According to `all-the-plugins`, `discourse-graphviz` also import
from this location, so perhaps we should PR to update. That being
said, it doesn't really hurt anything to keep the alias around for
a while.
Godfrey Chan 2023-10-11 14:21:01 -07:00 committed by GitHub
parent 210d13e3cb
commit 2ae913f45e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
10 changed files with 10 additions and 10 deletions


@ -2,7 +2,7 @@ import Component from "@ember/component";
import { action } from "@ember/object";
import { and, gt } from "@ember/object/computed";
import { classNameBindings, classNames } from "@ember-decorators/component";
import { escape } from "pretty-text/sanitizer";
import escape from "discourse-common/lib/escape";
import { iconHTML } from "discourse-common/lib/icon-library";
import discourseComputed from "discourse-common/utils/decorators";
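Review bot: Nothing here prevents a later change from reintroducing `import { escape } from "pretty-text/sanitizer"`, since the description says the re-export stays in place as an alias; the same applies to the other nine import hunks in this commit. The description's stated goal is to get the sanitizer code and the "xss" library off the initial page load, so a lint guard would keep the import paths consistent, for example an ESLint `no-restricted-imports` entry with `paths: [{ name: "pretty-text/sanitizer", importNames: ["escape"], message: "import escape from discourse-common/lib/escape" }]`. A short deprecation comment on the re-export itself would also tell plugin authors which path to use. The project's lint configuration is not visible on this page, so where the rule belongs is for the maintainers to confirm.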


@ -1,4 +1,4 @@
import { escape } from "pretty-text/sanitizer";
import escape from "discourse-common/lib/escape";
import { getURLWithCDN } from "discourse-common/lib/get-url";
import { helperContext } from "discourse-common/lib/helpers";
import { deepMerge } from "discourse-common/lib/object";


@ -1,7 +1,6 @@
import Component from "@ember/component";
import { alias } from "@ember/object/computed";
import { htmlSafe } from "@ember/template";
import { escape } from "pretty-text/sanitizer";
import {
CREATE_SHARED_DRAFT,
CREATE_TOPIC,
@ -10,6 +9,7 @@ import {
PRIVATE_MESSAGE,
REPLY,
} from "discourse/models/composer";
import escape from "discourse-common/lib/escape";
import { iconHTML } from "discourse-common/lib/icon-library";
import discourseComputed from "discourse-common/utils/decorators";
import I18n from "I18n";


@ -4,13 +4,13 @@ import { action } from "@ember/object";
import { schedule } from "@ember/runloop";
import { inject as service } from "@ember/service";
import { isEmpty } from "@ember/utils";
import { escape } from "pretty-text/sanitizer";
import { ajax } from "discourse/lib/ajax";
import cookie, { removeCookie } from "discourse/lib/cookie";
import { areCookiesEnabled } from "discourse/lib/utilities";
import { wavingHandURL } from "discourse/lib/waving-hand-url";
import { findAll } from "discourse/models/login-method";
import { SECOND_FACTOR_METHODS } from "discourse/models/user";
import escape from "discourse-common/lib/escape";
import I18n from "I18n";
export default class Login extends Component {


@ -3,8 +3,8 @@ import { getOwner } from "@ember/application";
import { schedule } from "@ember/runloop";
import { inject as service } from "@ember/service";
import { modifier } from "ember-modifier";
import { escape } from "pretty-text/sanitizer";
import UserTipContainer from "discourse/components/user-tip-container";
import escape from "discourse-common/lib/escape";
import { iconHTML } from "discourse-common/lib/icon-library";
import I18n from "I18n";
import DTooltipInstance from "float-kit/lib/d-tooltip-instance";


@ -1,6 +1,6 @@
import { escape } from "pretty-text/sanitizer";
import { escapeExpression } from "discourse/lib/utilities";
import User from "discourse/models/user";
import escape from "discourse-common/lib/escape";
import getURL from "discourse-common/lib/get-url";
import { helperContext } from "discourse-common/lib/helpers";
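Review bot: This module's import block now places two HTML-escaping helpers side by side, `escapeExpression` from `discourse/lib/utilities` and the default `escape` from `discourse-common/lib/escape`, and nothing visible tells a reader which one to use for which output. The module body is outside this hunk, so whether both are still called is not visible here. If they are, a one-line comment above the imports would help, for example `// escape(): entity-escapes plain text only; it is not a sanitizer and does not strip markup`, with a matching line for `escapeExpression` once its behaviour is confirmed against its definition. If only one is needed, dropping the other import avoids callers picking the wrong helper when building HTML strings.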


@ -1,4 +1,4 @@
import { escape } from "pretty-text/sanitizer";
import escape from "discourse-common/lib/escape";
let customTagSectionLinkPrefixIcons = {};


@ -1,9 +1,9 @@
import Handlebars from "handlebars";
import { escape } from "pretty-text/sanitizer";
import toMarkdown from "discourse/lib/to-markdown";
import { capabilities } from "discourse/services/capabilities";
import * as AvatarUtils from "discourse-common/lib/avatar-utils";
import deprecated from "discourse-common/lib/deprecated";
import escape from "discourse-common/lib/escape";
import getURL from "discourse-common/lib/get-url";
import I18n from "I18n";


@ -1,13 +1,13 @@
import { getOwner } from "@ember/application";
import Service, { inject as service } from "@ember/service";
import Ember from "ember";
import { escape } from "pretty-text/sanitizer";
import { getAndClearUnhandledThemeErrors } from "discourse/app";
import { disableImplicitInjections } from "discourse/lib/implicit-injections";
import identifySource, {
consolePrefix,
getThemeInfo,
} from "discourse/lib/source-identifier";
import escape from "discourse-common/lib/escape";
import getURL from "discourse-common/lib/get-url";
import { bind } from "discourse-common/utils/decorators";
import I18n from "I18n";


@ -1,4 +1,3 @@
import { escape } from "pretty-text/sanitizer";
import { spinnerHTML } from "discourse/helpers/loading-spinner";
import { ajax } from "discourse/lib/ajax";
import { isValidLink } from "discourse/lib/click-track";
@ -10,6 +9,7 @@ import {
updateUserStatusOnMention,
} from "discourse/lib/update-user-status-on-mention";
import domFromString from "discourse-common/lib/dom-from-string";
import escape from "discourse-common/lib/escape";
import { getOwnerWithFallback } from "discourse-common/lib/get-owner";
import getURL from "discourse-common/lib/get-url";
import { iconHTML } from "discourse-common/lib/icon-library";