DEV: Remove Handlebars dependency

davidtaylorhq · davidtaylorhq · commit 8a8f9453342f · 2025-04-03T14:41:17.000+01:00
Raw-handlebars will be removed from Discourse core imminently (discourse/discourse#32081) The usage in `custom-user-selector` seemed like it was expecting SafeString to actually do something to escape user input. It doesn't actually do any processing to the string. So I removed it, and added `escapeExpression` around the user input instead. The usage in wizard-char-counter can be easily replaced with Ember's `htmlSafe` helper
diff --git a/assets/javascripts/discourse/components/custom-user-selector.js b/assets/javascripts/discourse/components/custom-user-selector.js
@@ -1,14 +1,14 @@
 import { isEmpty } from "@ember/utils";
-import Handlebars from "handlebars";
 import $ from "jquery";
 import TextField from "discourse/components/text-field";
 import { renderAvatar } from "discourse/helpers/user-avatar";
-import userSearch from "discourse/lib/user-search";
 import {
   default as computed,
   observes,
-} from "discourse-common/utils/decorators";
-import I18n from "I18n";
+} from "discourse/lib/decorators";
+import userSearch from "discourse/lib/user-search";
+import { escapeExpression } from "discourse/lib/utilities";
+import { i18n } from "discourse-i18n";
 
 const template = function (params) {
   const options = params.options;
@@ -17,11 +17,11 @@ const template = function (params) {
   if (options.users) {
     html += "<ul>";
     options.users.forEach((u) => {
-      html += `<li><a href title="${u.name}">`;
+      html += `<li><a href title="${escapeExpression(u.name)}">`;
       html += renderAvatar(u, { imageSize: "tiny" });
-      html += `<span class='username'>${u.username}</span>`;
+      html += `<span class='username'>${escapeExpression(u.username)}</span>`;
       if (u.name) {
-        html += `<span class='name'>${u.name}</span>`;
+        html += `<span class='name'>${escapeExpression(u.name)}</span>`;
       }
       html += `</a></li>`;
     });
@@ -30,7 +30,7 @@ const template = function (params) {
 
   html += "</div>";
 
-  return new Handlebars.SafeString(html).string;
+  return html;
 };
 
 export default TextField.extend({
@@ -42,7 +42,7 @@ export default TextField.extend({
 
   @computed("placeholderKey")
   placeholder(placeholderKey) {
-    return placeholderKey ? I18n.t(placeholderKey) : "";
+    return placeholderKey ? i18n(placeholderKey) : "";
   },
 
   @observes("usernames")
diff --git a/assets/javascripts/discourse/helpers/wizard-char-counter.js b/assets/javascripts/discourse/helpers/wizard-char-counter.js
@@ -1,5 +1,5 @@
-import Handlebars from "handlebars";
 import I18n from "I18n";
+import { htmlSafe } from "@ember/template";
 
 export default function wizardCharCounter(body, maxLength) {
   let bodyLength = body ? body.length : 0;
@@ -17,5 +17,5 @@ export default function wizardCharCounter(body, maxLength) {
     })}</div>`;
   }
 
-  return new Handlebars.SafeString(finalString);
+  return htmlSafe(finalString);
 }

Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,5 @@`
`1`		`-import Handlebars from "handlebars";`
`2`	`1`	`import I18n from "I18n";`
	`2`	`+import { htmlSafe } from "@ember/template";`
`3`	`3`
`4`	`4`	`export default function wizardCharCounter(body, maxLength) {`
`5`	`5`	`let bodyLength = body ? body.length : 0;`
`@@ -17,5 +17,5 @@ export default function wizardCharCounter(body, maxLength) {`
`17`	`17`	})}</div>`;
`18`	`18`	`}`
`19`	`19`
`20`		`- return new Handlebars.SafeString(finalString);`
	`20`	`+ return htmlSafe(finalString);`
`21`	`21`	`}`