From 50f5b2cd5f71ebabbdafb9a390c7e078851c82c4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bar=C4=B1=C5=9F=20Soner=20U=C5=9Fakl=C4=B1?=
 <barisusakli@gmail.com>
Date: Thu, 11 Jun 2026 22:00:51 -0400
Subject: [PATCH 1/3] fix: escapes and tx

---
 library.js                                   | 14 +++++++++-----
 public/templates/widgets/activeusers.tpl     |  2 +-
 public/templates/widgets/categories.tpl      |  6 +++---
 public/templates/widgets/latestusers.tpl     |  2 +-
 public/templates/widgets/moderators.tpl      |  2 +-
 public/templates/widgets/onlineusers.tpl     |  2 +-
 public/templates/widgets/partials/posts.tpl  |  6 +++---
 public/templates/widgets/partials/topics.tpl |  4 ++--
 public/templates/widgets/populartags.tpl     |  4 ++--
 public/templates/widgets/search.tpl          |  2 +-
 public/templates/widgets/topposters.tpl      |  2 +-
 11 files changed, 25 insertions(+), 21 deletions(-)

diff --git a/library.js b/library.js
index 00dcee6..ac2f2a2 100644
--- a/library.js
+++ b/library.js
@@ -1,7 +1,6 @@
 'use strict';
 
 const nconf = nodebb.require('nconf');
-const validator = nodebb.require('validator');
 const benchpressjs = nodebb.require('benchpressjs');
 const _ = nodebb.require('lodash');
 
@@ -31,7 +30,10 @@ Widget.renderHTMLWidget = async function (widget) {
 		return null;
 	}
 	const tpl = widget.data ? widget.data.html : '';
-	widget.html = await benchpressjs.compileRender(String(tpl), widget.templateData);
+	widget.html = await benchpressjs.compileRender(String(tpl), {
+		_i18n: widget.res.locals._i18n,
+		...widget.templateData,
+	});
 	return widget;
 };
 
@@ -73,6 +75,7 @@ Widget.renderSearchWidget = async function (widget) {
 	});
 
 	widget.html = await app.renderAsync('widgets/search', {
+		_i18n: widget.res.locals._i18n,
 		inOptions: inOptions,
 		showInControl: widget.data.showInControl === 'on',
 		enableQuickSearch: widget.data.enableQuickSearch === 'on',
@@ -116,6 +119,7 @@ Widget.renderRecentViewWidget = async function (widget) {
 		categories.getCidsByPrivilege('categories:cid', widget.uid, 'topics:create'),
 	]);
 
+	data._i18n = widget.res.locals._i18n;
 	data.relative_path = nconf.get('relative_path');
 	data.loggedIn = !!widget.req.uid;
 	data.config = data.config || {};
@@ -305,6 +309,7 @@ Widget.renderCategories = async function (widget) {
 	categoryData = categoryData.filter(c => c && c.cid !== -1);
 	const tree = categories.getTree(categoryData, 0);
 	widget.html = await app.renderAsync('widgets/categories', {
+		_i18n: widget.res.locals._i18n,
 		categories: tree,
 		relative_path: nconf.get('relative_path'),
 	});
@@ -442,6 +447,7 @@ Widget.renderSuggestedTopics = async function (widget) {
 
 
 	widget.html = await app.renderAsync('widgets/suggestedtopics', {
+		_i18n: widget.res.locals._i18n,
 		topics: topicData,
 		config: widget.templateData.config,
 		sidebar: sidebarLocations.includes(widget.location),
@@ -513,6 +519,7 @@ Widget.renderChatRoom = async function (widget) {
 		});
 
 		widget.html = await app.renderAsync('widgets/chat', {
+			_i18n: widget.res.locals._i18n,
 			roomId: roomId,
 			isWidget: true,
 			...roomData,
@@ -668,9 +675,6 @@ Widget.defineWidgets = async function (widgets) {
 	const groupNames = await db.getSortedSetRevRange('groups:visible:createtime', 0, -1);
 	let groupsData = await groups.getGroupsData(groupNames);
 	groupsData = groupsData.filter(Boolean);
-	groupsData.forEach((group) => {
-		group.name = validator.escape(String(group.name));
-	});
 
 	const html = await app.renderAsync('admin/partials/widgets/groupposts', { groups: groupsData });
 	widgets.push({
diff --git a/public/templates/widgets/activeusers.tpl b/public/templates/widgets/activeusers.tpl
index fc6c50e..775de99 100644
--- a/public/templates/widgets/activeusers.tpl
+++ b/public/templates/widgets/activeusers.tpl
@@ -1,7 +1,7 @@
 <div class="{{{ if sidebar }}}row row-cols-1 px-3 gy-2{{{ else }}}row row-cols-2 row-cols-md-3 row-cols-lg-4 row-cols-xl-5 g-4{{{ end }}} mb-2">
 	{{{ each active_users }}}
 	<a href="{config.relative_path}/user/{./userslug}" class="btn btn-ghost d-flex gap-2 ff-secondary align-items-start text-start p-2 ff-base">
-		{buildAvatar(@value, "48px", true, "flex-shrink-0")}
+		{{buildAvatar(@value, "48px", true, "flex-shrink-0")}}
 		<div class="d-flex flex-column gap-1 text-truncate">
 			<div class="fw-semibold text-truncate" title="{./displayname}">{./displayname}</div>
 			<div class="text-xs text-muted text-truncate">
diff --git a/public/templates/widgets/categories.tpl b/public/templates/widgets/categories.tpl
index 38d72f9..6809458 100644
--- a/public/templates/widgets/categories.tpl
+++ b/public/templates/widgets/categories.tpl
@@ -3,7 +3,7 @@
 	<li component="categories/category" data-cid="{./cid}" data-parent-cid="{../parentCid}" class="category-{./cid}">
 		<div class="content d-flex gap-2">
 			<div>
-				{buildCategoryIcon(@value, "24px", "rounded-1")}
+				{{buildCategoryIcon(@value, "24px", "rounded-1")}}
 			</div>
 			<div class="flex-grow-1 align-items-start d-flex flex-column gap-2">
 				<div class="d-grid gap-0">
@@ -11,7 +11,7 @@
 						<!-- IMPORT partials/categories/link.tpl -->
 					</div>
 					{{{ if ./descriptionParsed }}}
-					<div class="description text-muted text-xs w-100">{./descriptionParsed}</div>
+					<div class="description text-muted text-xs w-100">{{./descriptionParsed}}</div>
 					{{{ end }}}
 				</div>
 				{{{ if !config.hideSubCategories }}}
@@ -22,7 +22,7 @@
 					<span class="category-children-item small">
 						<div class="d-flex align-items-center gap-1">
 							<i class="fa fa-fw fa-caret-right text-primary"></i>
-							<a href="{{{ if ./link }}}{./link}{{{ else }}}{config.relative_path}/category/{./slug}{{{ end }}}" class="text-reset fw-semibold">{./name}</a>
+							<a href="{{{ if ./link }}}{./link}{{{ else }}}{config.relative_path}/category/{./slug}{{{ end }}}" class="text-reset fw-semibold">{tx(./name)}</a>
 						</div>
 					</span>
 					{{{ end }}}
diff --git a/public/templates/widgets/latestusers.tpl b/public/templates/widgets/latestusers.tpl
index f8195bb..e11fd68 100644
--- a/public/templates/widgets/latestusers.tpl
+++ b/public/templates/widgets/latestusers.tpl
@@ -1,7 +1,7 @@
 <div class="{{{ if sidebar }}}row row-cols-1 px-3 gy-2{{{ else }}}row row-cols-2 row-cols-md-3 row-cols-lg-4 row-cols-xl-5 g-4{{{ end }}} mb-2">
 	{{{ each users }}}
 	<a href="{config.relative_path}/user/{./userslug}" class="btn btn-ghost d-flex gap-2 ff-secondary align-items-start text-start p-2 ff-base">
-		{buildAvatar(@value, "48px", true, "flex-shrink-0")}
+		{{buildAvatar(@value, "48px", true, "flex-shrink-0")}}
 		<div class="d-flex flex-column gap-1 text-truncate">
 			<div class="fw-semibold text-truncate" title="{./displayname}">{./displayname}</div>
 			<div class="text-xs text-muted text-truncate">
diff --git a/public/templates/widgets/moderators.tpl b/public/templates/widgets/moderators.tpl
index 7dd8ab0..52660fc 100644
--- a/public/templates/widgets/moderators.tpl
+++ b/public/templates/widgets/moderators.tpl
@@ -1,7 +1,7 @@
 <div class="d-flex flex-column gap-1 mb-2">
 	{{{ each moderators }}}
 	<a href="{config.relative_path}/user/{./userslug}" class="btn btn-ghost d-flex gap-2 ff-secondary align-items-start text-start p-2 ff-base flex-grow-1">
-		{buildAvatar(@value, "48px", true, "flex-shrink-0")}
+		{{buildAvatar(@value, "48px", true, "flex-shrink-0")}}
 		<div class="d-flex flex-column gap-1 text-truncate">
 			<div class="fw-semibold text-truncate" title="{./displayname}">{./displayname}</div>
 			<div class="text-xs text-muted text-truncate">@{./username}</div>
diff --git a/public/templates/widgets/onlineusers.tpl b/public/templates/widgets/onlineusers.tpl
index 016b08c..c46327b 100644
--- a/public/templates/widgets/onlineusers.tpl
+++ b/public/templates/widgets/onlineusers.tpl
@@ -1,7 +1,7 @@
 <div class="{{{ if sidebar }}}row row-cols-1 px-3 gy-2{{{ else }}}row row-cols-2 row-cols-md-3 row-cols-lg-4 row-cols-xl-5 g-4{{{ end }}} mb-2">
 	{{{ each online_users }}}
 	<a href="{config.relative_path}/user/{./userslug}" class="btn btn-ghost d-flex gap-2 ff-secondary align-items-start text-start p-2 ff-base">
-		{buildAvatar(@value, "48px", true, "flex-shrink-0")}
+		{{buildAvatar(@value, "48px", true, "flex-shrink-0")}}
 		<div class="d-flex flex-column gap-1 text-truncate">
 			<div class="fw-semibold text-truncate" title="{./displayname}">{./displayname}</div>
 			<div class="text-xs text-muted text-truncate">
diff --git a/public/templates/widgets/partials/posts.tpl b/public/templates/widgets/partials/posts.tpl
index 590b70f..867066f 100644
--- a/public/templates/widgets/partials/posts.tpl
+++ b/public/templates/widgets/partials/posts.tpl
@@ -3,16 +3,16 @@
 	<li data-pid="{./pid}" class="widget-posts d-flex flex-column gap-1">
 		<div class="d-flex gap-2 align-items-center text-sm">
 			<a class="text-decoration-none avatar-tooltip" title="{./user.displayname}" href="{{{ if ./user.userslug }}}{relative_path}/user/{./user.userslug}{{{ else }}}#{{{ end }}}">
-				{buildAvatar(./user, "24px", true)}
+				{{buildAvatar(./user, "24px", true)}}
 			</a>
 
 			<div class="post-author d-flex align-items-center gap-1">
-				<a class="lh-1 fw-semibold" href="{relative_path}/user/{./user.userslug}">{../user.displayname}</a>
+				<a class="lh-1 fw-semibold" href="{relative_path}/user/{./user.userslug}">{./user.displayname}</a>
 			</div>
 			<span class="timeago text-muted lh-1" title="{./timestampISO}"></span>
 		</div>
 		<div class="line-clamp-6 text-sm text-break">
-			{./content}
+			{{./content}}
 		</div>
 
 		<div class="text-end text-xs post-preview-footer">
diff --git a/public/templates/widgets/partials/topics.tpl b/public/templates/widgets/partials/topics.tpl
index 8849796..8219763 100644
--- a/public/templates/widgets/partials/topics.tpl
+++ b/public/templates/widgets/partials/topics.tpl
@@ -3,7 +3,7 @@
 	<li class="widget-topics d-flex gap-2 flex-column">
 		<div class="d-flex gap-3 justify-content-between">
 
-			<a class="topic-title fw-semibold fs-6 text-reset text-break d-block" href="{relative_path}/topic/{./slug}">{./title}</a>
+			<a class="topic-title fw-semibold fs-6 text-reset text-break d-block" href="{relative_path}/topic/{./slug}">{{generateTopicTitle(@value)}}</a>
 			{{{ if ./thumbs.length }}}
 			<a class="topic-thumbs text-decoration-none flex-shrink-0 d-inline-block" href="{config.relative_path}/topic/{./slug}{{{ if ./bookmark }}}/{./bookmark}{{{ end }}}" aria-label="[[topic:thumb-image]]">
 				<img class="topic-thumb rounded-1 bg-light" style="width: auto; max-width: 5.33rem; height: 3.3rem; object-fit: contain;" src="{./thumbs.0.url}" alt=""/>
@@ -14,7 +14,7 @@
 		<div class="d-flex flex-column gap-2 flex-grow-1">
 			<div class="d-flex gap-2 align-items-center text-sm">
 				<a class="text-decoration-none avatar-tooltip" title="{./user.displayname}" href="{{{ if ./teaser.user.userslug }}}{relative_path}/user/{./teaser.user.userslug}{{{ else }}}#{{{ end }}}">
-					{buildAvatar(./teaser.user, "24px", true)}
+					{{buildAvatar(./teaser.user, "24px", true)}}
 				</a>
 
 				<div class="post-author d-flex align-items-center gap-1">
diff --git a/public/templates/widgets/populartags.tpl b/public/templates/widgets/populartags.tpl
index 1c54d7d..b50403c 100644
--- a/public/templates/widgets/populartags.tpl
+++ b/public/templates/widgets/populartags.tpl
@@ -7,7 +7,7 @@
 
 			<div data-width="{./widthPercent}" class="popular-tags-bar position-absolute bg-info opacity-50 start-0 top-0" style="transition: width 750ms ease-out; width: 0%; height:100%; z-index: 0;"></div>
 
-			<a style="background-color: transparent!important; z-index: 1;" class="d-inline-block w-100 text-decoration-none text-bg-info position-relative text-truncate align-middle" href="{{{ if template.category }}}?tag={./valueEncoded}{{{ else }}}{relative_path}/tags/{./valueEncoded}{{{ end }}}"><span class="text-nowrap tag-class-{tags.class}">{./valueEscaped}</span></a>
+			<a style="background-color: transparent!important; z-index: 1;" class="d-inline-block w-100 text-decoration-none text-bg-info position-relative text-truncate align-middle" href="{{{ if template.category }}}?tag={./valueEncoded}{{{ else }}}{relative_path}/tags/{./valueEncoded}{{{ end }}}"><span class="text-nowrap tag-class-{tags.class}">{./value}</span></a>
 		</div>
 
 		<div class="text-center fw-bold p-1 text-end w-25 tag-topic-count border rounded">{./score}</div>
@@ -19,7 +19,7 @@
 	{{{ each tags }}}
 	<div>
 		<a href="{config.relative_path}/tags/{./valueEncoded}" data-tag="{./valueEscaped}" class="btn btn-ghost ff-base d-flex flex-column gap-1 align-items-start justify-content-start text-truncate p-2">
-			<div class="fw-semibold text-nowrap tag-item w-100 text-start text-truncate">{./valueEscaped}</div>
+			<div class="fw-semibold text-nowrap tag-item w-100 text-start text-truncate">{./value}</div>
 			<div class="text-xs text-muted text-nowrap tag-topic-count">[[global:x-topics, {txEscape(formattedNumber(./score))}]]</div>
 		</a>
 	</div>
diff --git a/public/templates/widgets/search.tpl b/public/templates/widgets/search.tpl
index 31d73ec..d87da57 100644
--- a/public/templates/widgets/search.tpl
+++ b/public/templates/widgets/search.tpl
@@ -8,7 +8,7 @@
 					{{{ if showInControl }}}
 					<select name="in" class="form-select">
 						{{{ each inOptions }}}
-						<option value="{./value}" {{{ if ./selected }}} selected {{{ end }}}>{./label}</option>
+						<option value="{./value}" {{{ if ./selected }}} selected {{{ end }}}>{tx(./label)}</option>
 						{{{ end }}}
 					</select>
 					{{{ end }}}
diff --git a/public/templates/widgets/topposters.tpl b/public/templates/widgets/topposters.tpl
index a6a7a34..9783ff3 100644
--- a/public/templates/widgets/topposters.tpl
+++ b/public/templates/widgets/topposters.tpl
@@ -1,7 +1,7 @@
 <div class="{{{ if sidebar }}}row row-cols-1 px-3 gy-2{{{ else }}}row row-cols-2 row-cols-md-3 row-cols-lg-4 row-cols-xl-5 g-4{{{ end }}} mb-2">
 	{{{ each users }}}
 	<a href="{config.relative_path}/user/{./userslug}" class="btn btn-ghost d-flex gap-2 ff-secondary align-items-start text-start p-2 ff-base">
-		{buildAvatar(@value, "48px", true, "flex-shrink-0")}
+		{{buildAvatar(@value, "48px", true, "flex-shrink-0")}}
 		<div class="d-flex flex-column gap-1 text-truncate">
 			<div class="fw-semibold text-truncate" title="{./displayname}">{./displayname}</div>
 			<div class="text-xs text-muted text-truncate">{formattedNumber(./postcount)}</div>

From ed773c1258b21ea83a3e035d339a8cdae6af5f26 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bar=C4=B1=C5=9F=20Soner=20U=C5=9Fakl=C4=B1?=
 <barisusakli@gmail.com>
Date: Thu, 11 Jun 2026 22:14:06 -0400
Subject: [PATCH 2/3] make a helper to pass _i18n to all widgets

---
 library.js | 56 ++++++++++++++++++++++++++++--------------------------
 1 file changed, 29 insertions(+), 27 deletions(-)

diff --git a/library.js b/library.js
index ac2f2a2..da4a52b 100644
--- a/library.js
+++ b/library.js
@@ -25,6 +25,13 @@ Widget.init = async function (params) {
 	app = params.app;
 };
 
+async function renderWidget(widget, template, options) {
+	return await app.renderAsync(template, {
+		_i18n: widget?.res?.locals?._i18n,
+		...options,
+	});
+}
+
 Widget.renderHTMLWidget = async function (widget) {
 	if (!isVisibleInCategory(widget) || !isVisibleInTopic(widget)) {
 		return null;
@@ -74,8 +81,7 @@ Widget.renderSearchWidget = async function (widget) {
 		option.selected = option.value === widget.data.defaultIn;
 	});
 
-	widget.html = await app.renderAsync('widgets/search', {
-		_i18n: widget.res.locals._i18n,
+	widget.html = await renderWidget(widget, 'widgets/search', {
 		inOptions: inOptions,
 		showInControl: widget.data.showInControl === 'on',
 		enableQuickSearch: widget.data.enableQuickSearch === 'on',
@@ -119,13 +125,12 @@ Widget.renderRecentViewWidget = async function (widget) {
 		categories.getCidsByPrivilege('categories:cid', widget.uid, 'topics:create'),
 	]);
 
-	data._i18n = widget.res.locals._i18n;
 	data.relative_path = nconf.get('relative_path');
 	data.loggedIn = !!widget.req.uid;
 	data.config = data.config || {};
 	data.config.relative_path = nconf.get('relative_path');
 	data.canPost = allowedCids.length > 0;
-	widget.html = await app.renderAsync('recent', data);
+	widget.html = await renderWidget(widget, 'recent', data);
 	widget.html = widget.html.replace(/<ol[\s\S]*?<br \/>/, '').replace('<br>', '');
 	return widget;
 };
@@ -136,7 +141,7 @@ Widget.renderOnlineUsersWidget = async function (widget) {
 	let userData = await user.getUsersFields(uids, ['uid', 'username', 'userslug', 'picture', 'status', 'lastonline']);
 	userData = userData.filter(user => user.status !== 'offline');
 	userData.sort((a, b) => b.lastonline - a.lastonline);
-	widget.html = await app.renderAsync('widgets/onlineusers', {
+	widget.html = await renderWidget(widget,'widgets/onlineusers', {
 		online_users: userData,
 		sidebar: sidebarLocations.includes(widget.location),
 		relative_path: nconf.get('relative_path'),
@@ -165,7 +170,7 @@ Widget.renderActiveUsersWidget = async function (widget) {
 		}
 	});
 
-	widget.html = await app.renderAsync('widgets/activeusers', {
+	widget.html = await renderWidget(widget, 'widgets/activeusers', {
 		active_users: userData,
 		sidebar: sidebarLocations.includes(widget.location),
 		relative_path: nconf.get('relative_path'),
@@ -176,7 +181,7 @@ Widget.renderActiveUsersWidget = async function (widget) {
 Widget.renderLatestUsersWidget = async function (widget) {
 	const count = Math.max(1, widget.data.numUsers || 24);
 	const users = await user.getUsersFromSet('users:joindate', widget.uid, 0, count - 1);
-	widget.html = await app.renderAsync('widgets/latestusers', {
+	widget.html = await renderWidget(widget, 'widgets/latestusers', {
 		users: users,
 		sidebar: sidebarLocations.includes(widget.location),
 		relative_path: nconf.get('relative_path'),
@@ -188,7 +193,7 @@ Widget.renderTopPostersWidget = async function (widget) {
 	const count = Math.max(1, widget.data.numUsers || 24);
 	const users = await user.getUsersFromSet('users:postcount', widget.uid, 0, count - 1);
 
-	widget.html = await app.renderAsync('widgets/topposters', {
+	widget.html = await renderWidget(widget, 'widgets/topposters', {
 		users: users,
 		sidebar: sidebarLocations.includes(widget.location),
 		relative_path: nconf.get('relative_path'),
@@ -211,7 +216,7 @@ Widget.renderModeratorsWidget = async function (widget) {
 	if (!moderators.length) {
 		return null;
 	}
-	widget.html = await app.renderAsync('widgets/moderators', {
+	widget.html = await renderWidget(widget, 'widgets/moderators', {
 		moderators: moderators,
 		relative_path: nconf.get('relative_path'),
 	});
@@ -233,7 +238,7 @@ Widget.renderForumStatsWidget = async function (widget) {
 		online: utils.makeNumberHumanReadable(onlineCount + guestCount),
 		statsClass: widget.data.statsClass,
 	};
-	widget.html = await app.renderAsync('widgets/forumstats', stats);
+	widget.html = await renderWidget(widget, 'widgets/forumstats', stats);
 	return widget;
 };
 
@@ -259,14 +264,14 @@ Widget.renderRecentPostsWidget = async function (widget) {
 		);
 		postsData = await posts.getPostSummaryByPids(pids, widget.uid, { stripTags: true });
 	}
-	const data = {
+
+	widget.html = await renderWidget(widget, 'widgets/recentposts', {
 		uuid: utils.generateUUID(),
 		posts: postsData,
 		numPosts: numPosts,
 		cid: cid,
 		relative_path: nconf.get('relative_path'),
-	};
-	widget.html = await app.renderAsync('widgets/recentposts', data);
+	});
 	return widget;
 };
 
@@ -295,7 +300,7 @@ Widget.renderRecentTopicsWidget = async function (widget) {
 			};
 		}
 	});
-	widget.html = await app.renderAsync('widgets/recenttopics', {
+	widget.html = await renderWidget(widget, 'widgets/recenttopics', {
 		topics: data.topics,
 		numTopics: numTopics,
 		relative_path: nconf.get('relative_path'),
@@ -308,8 +313,7 @@ Widget.renderCategories = async function (widget) {
 	let categoryData = await categories.getCategoriesByPrivilege('categories:cid', widget.uid, 'find');
 	categoryData = categoryData.filter(c => c && c.cid !== -1);
 	const tree = categories.getTree(categoryData, 0);
-	widget.html = await app.renderAsync('widgets/categories', {
-		_i18n: widget.res.locals._i18n,
+	widget.html = await renderWidget(widget, 'widgets/categories', {
 		categories: tree,
 		relative_path: nconf.get('relative_path'),
 	});
@@ -337,7 +341,7 @@ Widget.renderPopularTags = async function (widget) {
 		t.widthPercent = ((t.score / maxCount) * 100).toFixed(2);
 	});
 
-	widget.html = await app.renderAsync('widgets/populartags', {
+	widget.html = await renderWidget(widget, 'widgets/populartags', {
 		tags: tags,
 		display,
 		template: widget.templateData.template,
@@ -356,7 +360,7 @@ Widget.renderPopularTopics = async function (widget) {
 		term: widget.data.duration || 'alltime',
 		sort: 'posts',
 	});
-	widget.html = await app.renderAsync('widgets/populartopics', {
+	widget.html = await renderWidget(widget, 'widgets/populartopics', {
 		topics: data.topics,
 		numTopics: numTopics,
 		relative_path: nconf.get('relative_path'),
@@ -375,7 +379,7 @@ Widget.renderTopTopics = async function (widget) {
 		term: widget.data.duration || 'alltime',
 		sort: 'votes',
 	});
-	widget.html = await app.renderAsync('widgets/toptopics', {
+	widget.html = await renderWidget(widget, 'widgets/toptopics', {
 		topics: data.topics,
 		numTopics: numTopics,
 		relative_path: nconf.get('relative_path'),
@@ -390,7 +394,7 @@ Widget.renderMyGroups = async function (widget) {
 	const groupsData = await groups.getUserGroups([uid]);
 	let userGroupData = groupsData.length ? groupsData[0] : [];
 	userGroupData = userGroupData.slice(0, numGroups);
-	widget.html = await app.renderAsync('widgets/groups', {
+	widget.html = await renderWidget(widget, 'widgets/groups', {
 		groups: userGroupData,
 		relative_path: nconf.get('relative_path'),
 	});
@@ -400,7 +404,7 @@ Widget.renderMyGroups = async function (widget) {
 Widget.renderGroupPosts = async function (widget) {
 	const numPosts = parseInt(widget.data.numPosts, 10) || 4;
 	const postsData = await groups.getLatestMemberPosts(widget.data.groupName, numPosts, widget.uid);
-	widget.html = await app.renderAsync('widgets/groupposts', { posts: postsData });
+	widget.html = await renderWidget(widget, 'widgets/groupposts', { posts: postsData });
 	return widget;
 };
 
@@ -408,7 +412,7 @@ Widget.renderNewGroups = async function (widget) {
 	const numGroups = parseInt(widget.data.numGroups, 10) || 8;
 	const groupNames = await db.getSortedSetRevRange('groups:visible:createtime', 0, numGroups - 1);
 	const groupsData = await groups.getGroupsData(groupNames);
-	widget.html = await app.renderAsync('widgets/groups', {
+	widget.html = await renderWidget(widget, 'widgets/groups', {
 		groups: groupsData.filter(Boolean),
 		relative_path: nconf.get('relative_path'),
 	});
@@ -446,8 +450,7 @@ Widget.renderSuggestedTopics = async function (widget) {
 	}
 
 
-	widget.html = await app.renderAsync('widgets/suggestedtopics', {
-		_i18n: widget.res.locals._i18n,
+	widget.html = await renderWidget(widget, 'widgets/suggestedtopics', {
 		topics: topicData,
 		config: widget.templateData.config,
 		sidebar: sidebarLocations.includes(widget.location),
@@ -486,7 +489,7 @@ Widget.renderUserPost = async function (widget) {
 	if (!postObjs.length) {
 		return null;
 	}
-	widget.html = await app.renderAsync('widgets/userpost', {
+	widget.html = await renderWidget(widget, 'widgets/userpost', {
 		posts: postObjs,
 		config: widget.templateData.config,
 		relative_path: nconf.get('relative_path'),
@@ -518,8 +521,7 @@ Widget.renderChatRoom = async function (widget) {
 			}
 		});
 
-		widget.html = await app.renderAsync('widgets/chat', {
-			_i18n: widget.res.locals._i18n,
+		widget.html = await renderWidget(widget, 'widgets/chat', {
 			roomId: roomId,
 			isWidget: true,
 			...roomData,

From 9c9189054e951be2bc7dae68383b2c873c659231 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bar=C4=B1=C5=9F=20Soner=20U=C5=9Fakl=C4=B1?=
 <barisusakli@gmail.com>
Date: Thu, 11 Jun 2026 22:15:36 -0400
Subject: [PATCH 3/3] chore: up compat

---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/package.json b/package.json
index 46871fa..ba5726b 100644
--- a/package.json
+++ b/package.json
@@ -30,7 +30,7 @@
   "readmeFilename": "README.md",
   "_from": "nodebb-widget-essentials@~0.0.1",
   "nbbpm": {
-    "compatibility": "^4.12.0"
+    "compatibility": "^4.14.0"
   },
   "devDependencies": {
     "@eslint/js": "^10.0.1",