discourse/app/assets/javascripts/admin/components/admin-watched-word.js.es6
Guo Xiang Tan 477bacb3ae SECURITY: XSS when displaying watched words in admin panel.
The XSS here is only possible if CSP is disabled. Low impact since CSP
is enabled by default in SiteSettings.
2019-07-15 10:58:52 +08:00


import { iconHTML } from "discourse-common/lib/icon-library";
import { bufferedRender } from "discourse-common/lib/buffered-render";
import { escapeExpression } from "discourse/lib/utilities";
/**
 * Admin-panel component that renders a single watched word and deletes it
 * when clicked.
 */
export default Ember.Component.extend(
  bufferedRender({
    classNames: ["watched-word"],

    /**
     * Writes the component markup: the "times" icon followed by the word.
     *
     * @param {Object} buffer - render sink; fragments are appended with push()
     */
    buildBuffer(buffer) {
      const icon = iconHTML("times");
      // The word is admin-entered free text pushed into the same buffer as
      // icon markup, so it is escaped first. Presumably the buffer is emitted
      // as raw HTML (the commit message describes an XSS at this spot).
      const safeWord = escapeExpression(this.get("word.word"));

      buffer.push(icon);
      buffer.push(` ${safeWord}`);
    },

    /**
     * Destroys the word record, then hands it to `this.action`. A rejected
     * destroy is reported in a bootbox alert instead.
     */
    click() {
      const notifyRemoved = () => {
        this.action(this.word);
      };

      const reportFailure = (err) => {
        // NOTE(review): err.body is interpolated into the message unescaped.
        // If bootbox.alert renders its argument as HTML, this is the same
        // class of sink that buildBuffer guards with escapeExpression;
        // confirm, and escape the reason string if so.
        const reason = `http: ${err.status} - ${err.body}`;
        const message = I18n.t("generic_error_with_reason", {
          error: reason
        });
        bootbox.alert(message);
      };

      this.word
        .destroy()
        .then(notifyRemoved)
        .catch(reportFailure);
    }
  })
);