Mirror of https://github.com/discourse/discourse.git (synced 2026-05-02 17:57:36 +08:00)
What is the problem?

- The `DiscourseNarrativeBot::CertificatesController#generate` action renders discobot certificate SVGs using `render inline: svg`.
- `render inline:` passes the string through Rails' ERB template engine, meaning any ERB tags in the content would be evaluated as Ruby code on the server.
- The SVG string is already fully rendered by `CertificateGenerator` — the second ERB evaluation pass is redundant.

What is the solution?

- As a defence in depth measure, replace `render inline: svg` with `render body: svg, content_type: "image/svg+xml"` to send the pre-rendered SVG string verbatim as the response body with no template processing.
- The explicit `content_type` ensures browsers correctly interpret the response as SVG, matching the behavior of the `format.svg` block.
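The distinction the commit message draws, shown as an added example that is not part of the commit or of Discourse's own code: Ruby's stdlib `ERB` stands in for the template pass that Rails' `render inline:` performs, while a plain hash stands in for `render body:`. The helpers `build_certificate_svg`, `render_inline` and `render_body`, and the sample name containing an ERB tag, are constructed for illustration; the example makes no claim about whether such input reaches `CertificateGenerator` in practice.

```ruby
require "erb"

# Constructed stand-in for a discobot certificate SVG. The name has already
# been interpolated here, so the string is "fully rendered" in the sense the
# commit message uses: there is nothing left for a template engine to do.
def build_certificate_svg(name)
  <<~SVG
    <svg xmlns="http://www.w3.org/2000/svg" width="400" height="100">
      <text x="10" y="50">Awarded to #{name}</text>
    </svg>
  SVG
end

# Models `render inline: svg`: the string is handed to ERB, so any ERB tag
# that survives in it is evaluated as Ruby on the server before the response
# is sent.
def render_inline(svg)
  ERB.new(svg).result(binding)
end

# Models `render body: svg, content_type: "image/svg+xml"`: the string becomes
# the response body byte for byte, with no template pass, and the content type
# is set explicitly rather than inferred.
def render_body(svg)
  { body: svg, content_type: "image/svg+xml" }
end

# True when the output no longer contains the ERB tag and instead contains
# the value the tag evaluated to, i.e. server-side evaluation took place.
def erb_tag_evaluated?(output)
  !output.include?("<%=") && output.include?("Alice 42")
end

# Constructed input: a name that happens to carry an ERB tag.
name_with_tag = "Alice <%= 6 * 7 %>"
svg = build_certificate_svg(name_with_tag)

inline_out = render_inline(svg)  # tag evaluated: text reads "Awarded to Alice 42"
body_out = render_body(svg)      # tag passed through literally as "<%= 6 * 7 %>"

puts "inline path evaluated ERB: #{erb_tag_evaluated?(inline_out)}"
puts "body path kept tag verbatim: #{body_out[:body].include?("<%= 6 * 7 %>")}"
```

The second pass is what the change removes: once `CertificateGenerator` has produced the final SVG, sending it as `body:` means the response cannot differ from the generated string, whatever characters that string contains.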