github-mirror/discourse
github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-02-22 03:05:40 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

FIX: Regression with escaping on badge page

Browse Source 
In this branch (stable) we can't run the sanitizer because the bundle is not
loaded. The long badge description is not sanitized, but it
has to be created by an admin so it's extremely low risk.

In the beta / tests-passed branches the text is sanitized.
This commit is contained in:
Robin Ward 2016-07-28 16:11:41 -04:00
parent 5d062206db
commit 9adfccfad1
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
app/assets/javascripts/discourse/components/badge-card.js.es6
View File

@ -36,10 +36,10 @@ export default Ember.Component.extend({
if (size === 'large') {
const longDescription = this.get('badge.long_description');
if (!_.isEmpty(longDescription)) {
return Discourse.Emoji.unescape(Discourse.Utilities.escapeExpression(longDescription));
return Discourse.Emoji.unescape(longDescription);
}
}
return Discourse.Utilities.escapeExpression(this.get('badge.description'));
return this.get('badge.description');
}
});