FIX: gists are not html safe (#931)

SamSaffron · web-flow · commit a0aec4860640 · 2024-11-20T10:54:49.000+11:00
Also allow "Everyone" in ai_hot_topic_gists_allowed_groups
diff --git a/assets/javascripts/discourse/components/ai-topic-gist.gjs b/assets/javascripts/discourse/components/ai-topic-gist.gjs
@@ -1,7 +1,6 @@
 import Component from "@glimmer/component";
 import { service } from "@ember/service";
 import { htmlSafe } from "@ember/template";
-import { emojiUnescape, sanitize } from "discourse/lib/text";
 
 export default class AiTopicGist extends Component {
   @service gists;
@@ -10,20 +9,30 @@ export default class AiTopicGist extends Component {
     return this.gists.preference === "table-ai" && this.gists.shouldShow;
   }
 
-  get gistOrExcerpt() {
-    const topic = this.args.topic;
-    const gist = topic.get("ai_topic_gist");
-    const excerpt = emojiUnescape(sanitize(topic.get("excerpt")));
+  get hasGist() {
+    return !!this.gist;
+  }
+
+  get gist() {
+    return this.args.topic.get("ai_topic_gist");
+  }
 
-    return gist || excerpt;
+  get escapedExceprt() {
+    return this.args.topic.get("escapedExcerpt");
   }
 
   <template>
     {{#if this.shouldShow}}
-      {{#if this.gistOrExcerpt}}
+      {{#if this.hasGist}}
         <div class="excerpt">
-          <div>{{htmlSafe this.gistOrExcerpt}}</div>
+          <div>{{this.gist}}</div>
         </div>
+      {{else}}
+        {{#if this.esacpedExceprt}}
+          <div class="excerpt">
+            <div>{{htmlSafe this.escapedExceprt}}</div>
+          </div>
+        {{/if}}
       {{/if}}
     {{/if}}
   </template>
diff --git a/lib/guardian_extensions.rb b/lib/guardian_extensions.rb
@@ -24,6 +24,9 @@ def can_see_summary?(target)
     def can_see_gists?
       return false if !SiteSetting.ai_summarization_enabled
       return false if SiteSetting.ai_summarize_max_hot_topics_gists_per_batch.zero?
+      if SiteSetting.ai_hot_topic_gists_allowed_groups.to_s == Group::AUTO_GROUPS[:everyone].to_s
+        return true
+      end
       return false if anonymous?
       return false if SiteSetting.ai_hot_topic_gists_allowed_groups_map.empty?
 
diff --git a/spec/lib/guardian_extensions_spec.rb b/spec/lib/guardian_extensions_spec.rb
@@ -89,6 +89,14 @@
       end
     end
 
+    context "when setting is set to everyone" do
+      before { SiteSetting.ai_hot_topic_gists_allowed_groups = Group::AUTO_GROUPS[:everyone] }
+
+      it "returns true" do
+        expect(guardian.can_see_gists?).to eq(true)
+      end
+    end
+
     context "when there is a user but it's not a member of the allowed groups" do
       before { SiteSetting.ai_hot_topic_gists_allowed_groups = "" }
 
