mirror of
https://github.com/discourse/discourse.git
synced 2024-11-30 11:34:43 +08:00
FIX: only extract script tags with certain types (#6553)
`script` tags with custom types (e.g. `text/template`) are not executed by the browser, and should not be extracted into an external theme JavaScript
This commit is contained in:
parent
2feadcdafb
commit
f9b36820ef
|
@ -123,9 +123,10 @@ COMPILED
|
||||||
end
|
end
|
||||||
|
|
||||||
doc.css('script').each do |node|
|
doc.css('script').each do |node|
|
||||||
next if node['src'].present?
|
next unless inline_javascript?(node)
|
||||||
|
|
||||||
javascript_cache.content << "(function() { #{node.inner_html} })();"
|
javascript_cache.content << node.inner_html
|
||||||
|
javascript_cache.content << "\n"
|
||||||
node.remove
|
node.remove
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -253,6 +254,24 @@ COMPILED
|
||||||
MessageBus.publish "/header-change/#{theme.id}", self.value if theme && self.name == "header"
|
MessageBus.publish "/header-change/#{theme.id}", self.value if theme && self.name == "header"
|
||||||
MessageBus.publish "/footer-change/#{theme.id}", self.value if theme && self.name == "footer"
|
MessageBus.publish "/footer-change/#{theme.id}", self.value if theme && self.name == "footer"
|
||||||
end
|
end
|
||||||
|
|
||||||
|
private
|
||||||
|
|
||||||
|
JAVASCRIPT_TYPES = %w(
|
||||||
|
text/javascript
|
||||||
|
application/javascript
|
||||||
|
application/ecmascript
|
||||||
|
)
|
||||||
|
|
||||||
|
def inline_javascript?(node)
|
||||||
|
if node['src'].present?
|
||||||
|
false
|
||||||
|
elsif node['type'].present?
|
||||||
|
JAVASCRIPT_TYPES.include?(node['type'].downcase)
|
||||||
|
else
|
||||||
|
true
|
||||||
|
end
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
# == Schema Information
|
# == Schema Information
|
||||||
|
|
|
@ -37,9 +37,18 @@ describe ThemeField do
|
||||||
<script type="text/discourse-plugin" version="0.8">
|
<script type="text/discourse-plugin" version="0.8">
|
||||||
var a = "inline discourse plugin";
|
var a = "inline discourse plugin";
|
||||||
</script>
|
</script>
|
||||||
|
<script type="text/template" data-template="custom-template">
|
||||||
|
<div>custom script type</div>
|
||||||
|
</script>
|
||||||
<script>
|
<script>
|
||||||
var b = "inline raw script";
|
var b = "inline raw script";
|
||||||
</script>
|
</script>
|
||||||
|
<script type="texT/jAvasCripT">
|
||||||
|
var c = "text/javascript";
|
||||||
|
</script>
|
||||||
|
<script type="application/javascript">
|
||||||
|
var d = "application/javascript";
|
||||||
|
</script>
|
||||||
<script src="/external-script.js"></script>
|
<script src="/external-script.js"></script>
|
||||||
HTML
|
HTML
|
||||||
|
|
||||||
|
@ -47,8 +56,27 @@ describe ThemeField do
|
||||||
|
|
||||||
expect(theme_field.value_baked).to include("<script src=\"#{theme_field.javascript_cache.url}\"></script>")
|
expect(theme_field.value_baked).to include("<script src=\"#{theme_field.javascript_cache.url}\"></script>")
|
||||||
expect(theme_field.value_baked).to include("external-script.js")
|
expect(theme_field.value_baked).to include("external-script.js")
|
||||||
expect(theme_field.javascript_cache.content).to include('inline discourse plugin')
|
expect(theme_field.value_baked).to include('<script type="text/template"')
|
||||||
expect(theme_field.javascript_cache.content).to include('inline raw script')
|
expect(theme_field.javascript_cache.content).to include('a = "inline discourse plugin"')
|
||||||
|
expect(theme_field.javascript_cache.content).to include('b = "inline raw script"')
|
||||||
|
expect(theme_field.javascript_cache.content).to include('c = "text/javascript"')
|
||||||
|
expect(theme_field.javascript_cache.content).to include('d = "application/javascript"')
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'adds newlines between the extracted javascripts' do
|
||||||
|
html = <<~HTML
|
||||||
|
<script>var a = 10</script>
|
||||||
|
<script>var b = 10</script>
|
||||||
|
HTML
|
||||||
|
|
||||||
|
extracted = <<~JavaScript
|
||||||
|
var a = 10
|
||||||
|
var b = 10
|
||||||
|
JavaScript
|
||||||
|
|
||||||
|
theme_field = ThemeField.create!(theme_id: 1, target_id: 0, name: "header", value: html)
|
||||||
|
|
||||||
|
expect(theme_field.javascript_cache.content).to eq(extracted)
|
||||||
end
|
end
|
||||||
|
|
||||||
it "correctly extracts and generates errors for transpiled js" do
|
it "correctly extracts and generates errors for transpiled js" do
|
||||||
|
|
Loading…
Reference in New Issue
Block a user