Merged
4 changes: 2 additions & 2 deletions apps/settings/js/vue-settings-personal-security.js

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion apps/settings/js/vue-settings-personal-security.js.map

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion apps/settings/src/components/AuthTokenSection.vue
@@ -21,7 +21,7 @@

<template>
<div id="security" class="section">
<h2>{{ t('settings', 'Devices & sessions') }}</h2>
<h2>{{ t('settings', 'Devices & sessions', {}, undefined, {sanitize: false}) }}</h2>
<p class="settings-hint hidden-when-empty">
{{ t('settings', 'Web, desktop and mobile clients currently logged in to your account.') }}
</p>
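Review bot: The `{sanitize: false}` argument on the `<h2>` has no explanation in the template, so a later edit may drop it or copy the pattern to a place where the string is bound as HTML. It looks safe here only because the value goes through Vue's `{{ }}` text interpolation, which escapes it; presumably the default sanitizer was encoding the `&` in 'Devices & sessions' and the heading rendered the entity literally. A short comment above the heading would record that, for example `<!-- sanitize disabled: output is text-interpolated (escaped by Vue); the sanitizer would encode the ampersand -->`. The template continues outside the hunk.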
33 changes: 33 additions & 0 deletions core/js/dist/files_client.js

Large diffs are not rendered by default.

1 change: 1 addition & 0 deletions core/js/dist/files_client.js.map

Large diffs are not rendered by default.

2 changes: 2 additions & 0 deletions core/js/dist/files_fileinfo.js

Large diffs are not rendered by default.

1 change: 1 addition & 0 deletions core/js/dist/files_fileinfo.js.map

Large diffs are not rendered by default.

2 changes: 2 additions & 0 deletions core/js/dist/files_iedavclient.js

Large diffs are not rendered by default.

1 change: 1 addition & 0 deletions core/js/dist/files_iedavclient.js.map

Large diffs are not rendered by default.

82 changes: 82 additions & 0 deletions core/js/dist/install.js

Large diffs are not rendered by default.

1 change: 1 addition & 0 deletions core/js/dist/install.js.map

Large diffs are not rendered by default.

32 changes: 16 additions & 16 deletions core/js/dist/login.js

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion core/js/dist/login.js.map

Large diffs are not rendered by default.

102 changes: 51 additions & 51 deletions core/js/dist/main.js

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion core/js/dist/main.js.map

Large diffs are not rendered by default.

30 changes: 15 additions & 15 deletions core/js/dist/maintenance.js

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion core/js/dist/maintenance.js.map

Large diffs are not rendered by default.

4 changes: 2 additions & 2 deletions core/js/dist/recommendedapps.js

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion core/js/dist/recommendedapps.js.map

Large diffs are not rendered by default.

18 changes: 10 additions & 8 deletions core/src/OC/l10n.js
@@ -12,6 +12,7 @@ import _ from 'underscore'
import $ from 'jquery'
import DOMPurify from 'dompurify'
import Handlebars from 'handlebars'
import identity from 'lodash/fp/identity'
import escapeHTML from 'escape-html'

import OC from './index'
@@ -84,15 +85,20 @@ const L10n = {
* @param {number} [count] number to replace %n with
* @param {array} [options] options array
* @param {bool} [options.escape=true] enable/disable auto escape of placeholders (by default enabled)
* @param {bool} [options.sanitize=true] enable/disable sanitization (by default enabled)
* @returns {string}
*/
translate: function(app, text, vars, count, options) {
const defaultOptions = {
escape: true,
sanitize: true,
}
const allOptions = options || {}
_.defaults(allOptions, defaultOptions)

const optSanitize = allOptions.sanitize ? DOMPurify.sanitize : identity
const optEscape = allOptions.escape ? escapeHTML : identity

// TODO: cache this function to avoid inline recreation
// of the same function over and over again in case
// translate() is used in a loop
@@ -101,13 +107,9 @@ const L10n = {
function(a, b) {
const r = vars[b]
if (typeof r === 'string' || typeof r === 'number') {
if (allOptions.escape) {
return DOMPurify.sanitize(escapeHTML(r))
} else {
return DOMPurify.sanitize(r)
}
return optSanitize(optEscape(r))
} else {
return DOMPurify.sanitize(a)
return optSanitize(a)
}
}
)
@@ -120,9 +122,9 @@ const L10n = {
}

if (typeof vars === 'object' || count !== undefined) {
return DOMPurify.sanitize(_build(translation, vars, count))
return optSanitize(_build(translation, vars, count))
} else {
return DOMPurify.sanitize(translation)
return optSanitize(translation)
}
},

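Review bot: The JSDoc line added for `options.sanitize` on `translate` says only "enable/disable sanitization" and does not state when turning it off is safe. With `sanitize: false` neither the placeholder values nor the final string pass through `DOMPurify.sanitize`, and together with `escape: false` the values in `vars` are inserted verbatim, so the result is only safe where the sink escapes it itself (Vue `{{ }}` interpolation, `textContent`), not where it is assigned as HTML. I would extend the doc line to `@param {bool} [options.sanitize=true] enable/disable sanitization (by default enabled); disable only when the result is rendered as text by an escaping sink, never as HTML`. As a style point, `_.identity` from the already imported underscore would avoid the extra `lodash/fp/identity` import. The body of `translate` is spread over three hunks, with lines between them not shown.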