discourse/app/views/common/_discourse_javascript.html.erb
Sam 30e0154e5d SECURITY: fix reflected XSS with safe_mode param
(only applies to beta and master)
2016-12-19 10:11:51 +11:00

69 lines
2.3 KiB
Plaintext

<script>
Ember.RSVP.configure('onerror', function(e) {
// Ignore TransitionAborted exceptions that bubble up
if (e && e.message === "TransitionAborted") { return; }
<% if Rails.env.development? %>
if (e) {
if (e.message || e.stack) {
console.log(e.message);
console.log(e.stack);
} else {
console.log("Uncaught promise: ", e);
}
} else {
console.log("A promise failed but was not caught.");
}
<% end %>
window.onerror(e && e.message, null,null,null,e);
});
<% if Rails.env.development? || Rails.env.test? %>
//Ember.ENV.RAISE_ON_DEPRECATION = true
//Ember.LOG_STACKTRACE_ON_DEPRECATION = true
<% end %>
</script>
<script>
<%- if !current_user && flash[:authentication_data] %>
require('discourse/routes/application').default.reopen({
actions: {
didTransition: function() {
Em.run.next(function(){
Discourse.authenticationComplete(<%=flash[:authentication_data].html_safe%>);
});
return this._super();
}
}
});
<%- end %>
(function() {
var ps = require('preload-store').default;
Discourse.CDN = '<%= Rails.configuration.action_controller.asset_host %>';
Discourse.BaseUrl = '<%= RailsMultisite::ConnectionManagement.current_hostname %>'.replace(/:[\d]*$/,"");
Discourse.BaseUri = '<%= Discourse::base_uri %>';
Discourse.Environment = '<%= Rails.env %>';
Discourse.SiteSettings = ps.get('siteSettings');
Discourse.LetterAvatarVersion = '<%= LetterAvatar.version %>';
I18n.defaultLocale = '<%= SiteSetting.default_locale %>';
Discourse.start();
Discourse.set('assetVersion','<%= Discourse.assets_digest %>');
Discourse.Session.currentProp("disableCustomCSS", <%= loading_admin? %>);
<%- if params["safe_mode"] %>
Discourse.Session.currentProp("safe_mode", <%= normalized_safe_mode.inspect.html_safe %>);
<%- end %>
Discourse.HighlightJSPath = <%= HighlightJs.path.inspect.html_safe %>;
<%- if SiteSetting.enable_s3_uploads %>
<%- if SiteSetting.s3_cdn_url.present? %>
Discourse.S3CDN = '<%= SiteSetting.s3_cdn_url %>';
<%- end %>
Discourse.S3BaseUrl = '<%= Discourse.store.absolute_base_url %>';
<%- end %>
})();
</script>
<%= script 'browser-update' %>