paulmataruso/zulip
1
0
Fork 0
mirror of https://github.com/zulip/zulip.git synced 2025-11-13 02:17:19 +00:00
Code Issues Packages Projects Releases Wiki Activity

compose_banner: Document recommended HTML banner code path.

Browse Source
This commit is contained in:
Tim Abbott
2023-11-22 13:35:07 -08:00
parent 189718dc64
commit a2e6d6c7c4
1 changed files with 6 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
web/src/compose_banner.ts
View File

@@ -132,6 +132,12 @@ export function show_error_message(
$container: JQuery, $container: JQuery,
$bad_input?: JQuery, $bad_input?: JQuery,
): void { ): void {
// Important: This API intentionally does not support passing an
// HTML message; doing so creates unnecessary XSS risk. If you
// want HTML in your compose banner, use a partial subclassing
// compose_banner and the append_compose_banner_to_banner_list
// API; See, for example, automatic_new_visibility_policy_banner.
//
// To prevent the same banner from appearing twice, // To prevent the same banner from appearing twice,
// we remove the banner with a matched classname. // we remove the banner with a matched classname.
$container.find(`.${CSS.escape(classname)}`).remove(); $container.find(`.${CSS.escape(classname)}`).remove();