mirror of
https://github.com/discourse/discourse.git
synced 2024-12-16 05:45:58 +08:00
477bacb3ae
The XSS here is only possible if CSP is disabled. Low impact since CSP is enabled by default in SiteSettings.
30 lines
745 B
JavaScript
30 lines
745 B
JavaScript
import { iconHTML } from "discourse-common/lib/icon-library";
|
|
import { bufferedRender } from "discourse-common/lib/buffered-render";
|
|
import { escapeExpression } from "discourse/lib/utilities";
|
|
|
|
export default Ember.Component.extend(
|
|
bufferedRender({
|
|
classNames: ["watched-word"],
|
|
|
|
buildBuffer(buffer) {
|
|
buffer.push(iconHTML("times"));
|
|
buffer.push(` ${escapeExpression(this.get("word.word"))}`);
|
|
},
|
|
|
|
click() {
|
|
this.word
|
|
.destroy()
|
|
.then(() => {
|
|
this.action(this.word);
|
|
})
|
|
.catch(e => {
|
|
bootbox.alert(
|
|
I18n.t("generic_error_with_reason", {
|
|
error: `http: ${e.status} - ${e.body}`
|
|
})
|
|
);
|
|
});
|
|
}
|
|
})
|
|
);
|