TryGhost/Ghost
1
0
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2024-11-25 09:03:12 +03:00
Code Issues Projects Releases Wiki Activity

Escape html for error messages (#956)

Browse Source 
no issue

- if we would like to re-add html in our error messages, we have to differentiate between static messages which can contain html and messages which are dynamic and can contain dynamic input, which should not allow html
- e.g. it is always possible that Ghost receives a message from a third party module, which concats static text with input text
- if we want to show html content from an error, we need to come up with a concept
- for now: no support for html in error messages
This commit is contained in:
Katharina Irrgang 2018-02-07 10:30:04 +01:00 committed by Kevin Ansfield
parent 937418bc6f
commit f0501e8997
5 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ghost/admin/app/templates/reset.hbs
View File

@ -18,7 +18,7 @@
{{gh-task-button "Reset Password" task=resetPassword class="gh-btn gh-btn-blue gh-btn-block gh-btn-icon" type="submit" autoWidth="false"}}
</form>
<p class="main-error">{{{flowErrors}}}</p>
<p class="main-error">{{flowErrors}}&nbsp;</p>
</section>
</div>
</div>

2
ghost/admin/app/templates/setup/two.hbs
View File

@ -92,4 +92,4 @@
{{/gh-task-button}}
</form>
<p class="main-error">{{{flowErrors}}}</p>
<p class="main-error">{{flowErrors}}&nbsp;</p>

2
ghost/admin/app/templates/signin.hbs
View File

@ -50,7 +50,7 @@
tabindex="3"}}
</form>
<p class="main-error">{{{if flowErrors flowErrors "&nbsp;"}}}</p>
<p class="main-error">{{if flowErrors flowErrors}}&nbsp;</p>
</section>
</div>
</div>

2
ghost/admin/app/templates/signup.hbs
View File

@ -67,7 +67,7 @@
class="gh-btn gh-btn-green gh-btn-lg gh-btn-block gh-btn-icon"
tabindex="3"}}
<p class="main-error">{{{if flowErrors flowErrors "&nbsp;"}}}</p>
<p class="main-error">{{if flowErrors flowErrors}}&nbsp;</p>
</section>
</div>

2
ghost/admin/tests/acceptance/setup-test.js
View File

@ -226,7 +226,7 @@ describe('Acceptance: Setup', function () {
.to.equal(0);
// we should show an error message
expect(find('.main-error').text(), 'error text')
.to.equal('Access Denied from url: unknown.com. Please use the url configured in config.js.');
.to.have.string('Access Denied from url: unknown.com. Please use the url configured in config.js.');
});
it('handles validation errors in step 3', async function () {