github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-06-03 19:39:30 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

DEV: Remove HTML setting type and sanitization logic. (#14440)

Browse Source 
* DEV: Remove HTML setting type and sanitization logic.

We concluded that we don't want settings to contain HTML, so I'm removing the setting type and sanitization logic. Additionally, we no longer allow the global-notice text to contain HTML.

I searched for usages of this setting type in the `all-the-plugins` repo and found none, so I haven't added a migration for existing settings.

* Mark Global notices containing links as HTML Safe.
This commit is contained in:
Roman Rizzi
2021-10-04 15:40:35 -03:00
committed by GitHub
parent 9f626f2735
commit 90a3fbc07b
10 changed files with 24 additions and 56 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
spec/components/site_setting_extension_spec.rb
View File

@ -831,23 +831,6 @@ describe SiteSettingExtension do
expect(setting[:default]).to eq(system_upload.url)
end
end
it 'should sanitize html in the site settings' do
settings.setting(:with_html, '<script></script>rest')
settings.refresh!
setting = settings.all_settings(sanitize_plain_text_settings: true).last
expect(setting[:value]).to eq('rest')
end
it 'settings with html type are not sanitized' do
settings.setting(:with_html, '<script></script>rest', type: :html)
setting = settings.all_settings(sanitize_plain_text_settings: true).last
expect(setting[:value]).to eq('<script></script>rest')
end
end
describe '.client_settings_json_uncached' do
@ -862,19 +845,6 @@ describe SiteSettingExtension do
)
end
it 'should sanitize html in the site settings' do
settings.setting(:with_html, '<script></script>rest', client: true)
settings.setting(:with_symbols, '<>rest', client: true)
settings.setting(:with_unknown_tag, '<rest>rest', client: true)
settings.refresh!
client_settings = JSON.parse settings.client_settings_json_uncached
expect(client_settings['with_html']).to eq('rest')
expect(client_settings['with_symbols']).to eq('<>rest')
expect(client_settings['with_unknown_tag']).to eq('rest')
end
it 'settings with html type are not sanitized' do
settings.setting(:with_html, '<script></script>rest', type: :html, client: true)