From 6b8db71e2e9f27d2bd0dd34bf9006aa42b4516e5 Mon Sep 17 00:00:00 2001 From: David Taylor Date: Thu, 3 Apr 2025 14:41:17 +0100 Subject: [PATCH] DEV: Remove Handlebars dependency Raw-handlebars will be removed from Discourse core imminently (https://github.com/discourse/discourse/pull/32081) The usage in `custom-user-selector` seemed like it was expecting SafeString to actually do something to escape user input. It doesn't actually do any processing to the string. So I removed it, and added `escapeExpression` around the user input instead. The usage in wizard-char-counter can be easily replaced with Ember's `htmlSafe` helper --- .../components/custom-user-selector.js | 19 ++++++++----------- .../discourse/helpers/wizard-char-counter.js | 10 +++++----- 2 files changed, 13 insertions(+), 16 deletions(-) diff --git a/assets/javascripts/discourse/components/custom-user-selector.js b/assets/javascripts/discourse/components/custom-user-selector.js index ca6dfbdbd..64812607f 100644 --- a/assets/javascripts/discourse/components/custom-user-selector.js +++ b/assets/javascripts/discourse/components/custom-user-selector.js @@ -1,14 +1,11 @@ import { isEmpty } from "@ember/utils"; -import Handlebars from "handlebars"; import $ from "jquery"; import TextField from "discourse/components/text-field"; import { renderAvatar } from "discourse/helpers/user-avatar"; +import { default as computed, observes } from "discourse/lib/decorators"; import userSearch from "discourse/lib/user-search"; -import { - default as computed, - observes, -} from "discourse-common/utils/decorators"; -import I18n from "I18n"; +import { escapeExpression } from "discourse/lib/utilities"; +import { i18n } from "discourse-i18n"; const template = function (params) { const options = params.options; @@ -17,11 +14,11 @@ const template = function (params) { if (options.users) { html += "