mirror of
https://github.com/discourse/discourse.git
synced 2024-11-30 01:15:48 +08:00
Consistently import escape
from discourse-common
(#23790)
`escape` from `pretty-text/sanitizer` is a re-export of the same function defined in `discourse-common`. Updating the import paths across the codebase to use the `discourse-common` import path. `escape` is a rather simple function that can be accomplished with a regular expression in `discourse-common`. On the other hand, the remaining parts in `pretty-text/sanitizer` has a lot of code, PLUS it depend on the rather heavy "xss" NPM library. Currently, most of the consumers of `pretty-text/sanitizer` are of the `{ escape }` varient. This is resolved by this PR. The remaining usages are either: 1. via/through `PrettyText` which is essentially gated behind loading the markdown-it bundle, OR 2. via `sanitize` from `discourse/lib/text` I believe we may ultimately be able to move all the usages to behind the markdown-it bundle (or, equivilantly, set up another lazy bundle for `sanitize`) and be able to shed the sanitization code and the "xss" library from the initial page load. `discourse/lib/text` also defines a `sanitizeAsync` which is gated behind loading the markdown-it bundle. Looking through the usages of `sanitize`, I believe most of these can be safely switched to use `sanitizeAsync`, in that they are already in an asynchrnous path that handles a server response. Most of them are actually rendering a piece of server-generated HTML message as flash message, so I am not sure there really is value in sanitizing (we should be able to trust our own server?), but in any case, code-wise, they should already be able to absorb the async just fine. I am not sure if `sanitize` and `sanitizeAsync` are actually API compatible – they both take `options` but I think those `options` do pretty different things. This is somethign for another person to investigate down the road in another PR. According to `all-the-plugins`, `discourse-graphviz` also import from this location, so perhaps we should PR to update. That being said, it doesn't really hurt anything to keep the alias around for a while.
This commit is contained in:
parent
210d13e3cb
commit
2ae913f45e
|
@ -2,7 +2,7 @@ import Component from "@ember/component";
|
|||
import { action } from "@ember/object";
|
||||
import { and, gt } from "@ember/object/computed";
|
||||
import { classNameBindings, classNames } from "@ember-decorators/component";
|
||||
import { escape } from "pretty-text/sanitizer";
|
||||
import escape from "discourse-common/lib/escape";
|
||||
import { iconHTML } from "discourse-common/lib/icon-library";
|
||||
import discourseComputed from "discourse-common/utils/decorators";
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
import { escape } from "pretty-text/sanitizer";
|
||||
import escape from "discourse-common/lib/escape";
|
||||
import { getURLWithCDN } from "discourse-common/lib/get-url";
|
||||
import { helperContext } from "discourse-common/lib/helpers";
|
||||
import { deepMerge } from "discourse-common/lib/object";
|
||||
|
|
|
@ -1,7 +1,6 @@
|
|||
import Component from "@ember/component";
|
||||
import { alias } from "@ember/object/computed";
|
||||
import { htmlSafe } from "@ember/template";
|
||||
import { escape } from "pretty-text/sanitizer";
|
||||
import {
|
||||
CREATE_SHARED_DRAFT,
|
||||
CREATE_TOPIC,
|
||||
|
@ -10,6 +9,7 @@ import {
|
|||
PRIVATE_MESSAGE,
|
||||
REPLY,
|
||||
} from "discourse/models/composer";
|
||||
import escape from "discourse-common/lib/escape";
|
||||
import { iconHTML } from "discourse-common/lib/icon-library";
|
||||
import discourseComputed from "discourse-common/utils/decorators";
|
||||
import I18n from "I18n";
|
||||
|
|
|
@ -4,13 +4,13 @@ import { action } from "@ember/object";
|
|||
import { schedule } from "@ember/runloop";
|
||||
import { inject as service } from "@ember/service";
|
||||
import { isEmpty } from "@ember/utils";
|
||||
import { escape } from "pretty-text/sanitizer";
|
||||
import { ajax } from "discourse/lib/ajax";
|
||||
import cookie, { removeCookie } from "discourse/lib/cookie";
|
||||
import { areCookiesEnabled } from "discourse/lib/utilities";
|
||||
import { wavingHandURL } from "discourse/lib/waving-hand-url";
|
||||
import { findAll } from "discourse/models/login-method";
|
||||
import { SECOND_FACTOR_METHODS } from "discourse/models/user";
|
||||
import escape from "discourse-common/lib/escape";
|
||||
import I18n from "I18n";
|
||||
|
||||
export default class Login extends Component {
|
||||
|
|
|
@ -3,8 +3,8 @@ import { getOwner } from "@ember/application";
|
|||
import { schedule } from "@ember/runloop";
|
||||
import { inject as service } from "@ember/service";
|
||||
import { modifier } from "ember-modifier";
|
||||
import { escape } from "pretty-text/sanitizer";
|
||||
import UserTipContainer from "discourse/components/user-tip-container";
|
||||
import escape from "discourse-common/lib/escape";
|
||||
import { iconHTML } from "discourse-common/lib/icon-library";
|
||||
import I18n from "I18n";
|
||||
import DTooltipInstance from "float-kit/lib/d-tooltip-instance";
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
import { escape } from "pretty-text/sanitizer";
|
||||
import { escapeExpression } from "discourse/lib/utilities";
|
||||
import User from "discourse/models/user";
|
||||
import escape from "discourse-common/lib/escape";
|
||||
import getURL from "discourse-common/lib/get-url";
|
||||
import { helperContext } from "discourse-common/lib/helpers";
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
import { escape } from "pretty-text/sanitizer";
|
||||
import escape from "discourse-common/lib/escape";
|
||||
|
||||
let customTagSectionLinkPrefixIcons = {};
|
||||
|
||||
|
|
|
@ -1,9 +1,9 @@
|
|||
import Handlebars from "handlebars";
|
||||
import { escape } from "pretty-text/sanitizer";
|
||||
import toMarkdown from "discourse/lib/to-markdown";
|
||||
import { capabilities } from "discourse/services/capabilities";
|
||||
import * as AvatarUtils from "discourse-common/lib/avatar-utils";
|
||||
import deprecated from "discourse-common/lib/deprecated";
|
||||
import escape from "discourse-common/lib/escape";
|
||||
import getURL from "discourse-common/lib/get-url";
|
||||
import I18n from "I18n";
|
||||
|
||||
|
|
|
@ -1,13 +1,13 @@
|
|||
import { getOwner } from "@ember/application";
|
||||
import Service, { inject as service } from "@ember/service";
|
||||
import Ember from "ember";
|
||||
import { escape } from "pretty-text/sanitizer";
|
||||
import { getAndClearUnhandledThemeErrors } from "discourse/app";
|
||||
import { disableImplicitInjections } from "discourse/lib/implicit-injections";
|
||||
import identifySource, {
|
||||
consolePrefix,
|
||||
getThemeInfo,
|
||||
} from "discourse/lib/source-identifier";
|
||||
import escape from "discourse-common/lib/escape";
|
||||
import getURL from "discourse-common/lib/get-url";
|
||||
import { bind } from "discourse-common/utils/decorators";
|
||||
import I18n from "I18n";
|
||||
|
|
|
@ -1,4 +1,3 @@
|
|||
import { escape } from "pretty-text/sanitizer";
|
||||
import { spinnerHTML } from "discourse/helpers/loading-spinner";
|
||||
import { ajax } from "discourse/lib/ajax";
|
||||
import { isValidLink } from "discourse/lib/click-track";
|
||||
|
@ -10,6 +9,7 @@ import {
|
|||
updateUserStatusOnMention,
|
||||
} from "discourse/lib/update-user-status-on-mention";
|
||||
import domFromString from "discourse-common/lib/dom-from-string";
|
||||
import escape from "discourse-common/lib/escape";
|
||||
import { getOwnerWithFallback } from "discourse-common/lib/get-owner";
|
||||
import getURL from "discourse-common/lib/get-url";
|
||||
import { iconHTML } from "discourse-common/lib/icon-library";
|
||||
|
|
Loading…
Reference in New Issue
Block a user