Make the translation sanitization optional

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
This commit is contained in:
Christoph Wurst 2020-05-14 15:03:45 +02:00
parent 03a1932b15
commit 539e46a07e
No known key found for this signature in database
GPG Key ID: CC42AC2A7F0E56D8
17 changed files with 157 additions and 115 deletions

33
core/js/dist/files_client.js vendored Normal file

File diff suppressed because one or more lines are too long

1
core/js/dist/files_client.js.map vendored Normal file

File diff suppressed because one or more lines are too long

2
core/js/dist/files_fileinfo.js vendored Normal file

File diff suppressed because one or more lines are too long

1
core/js/dist/files_fileinfo.js.map vendored Normal file

File diff suppressed because one or more lines are too long

2
core/js/dist/files_iedavclient.js vendored Normal file

File diff suppressed because one or more lines are too long

1
core/js/dist/files_iedavclient.js.map vendored Normal file

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long

38
core/js/dist/login.js vendored

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long

98
core/js/dist/main.js vendored

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long

View File

@ -12,6 +12,7 @@ import _ from 'underscore'
import $ from 'jquery'
import DOMPurify from 'dompurify'
import Handlebars from 'handlebars'
import identity from 'lodash/fp/identity'
import escapeHTML from 'escape-html'
import OC from './index'
@ -84,15 +85,20 @@ const L10n = {
* @param {number} [count] number to replace %n with
* @param {array} [options] options array
* @param {bool} [options.escape=true] enable/disable auto escape of placeholders (by default enabled)
* @param {bool} [options.sanitize=true] enable/disable sanitization (by default enabled)
* @returns {string}
*/
translate: function(app, text, vars, count, options) {
const defaultOptions = {
escape: true,
sanitize: true,
}
const allOptions = options || {}
_.defaults(allOptions, defaultOptions)
const optSanitize = allOptions.sanitize ? DOMPurify.sanitize : identity
const optEscape = allOptions.escape ? escapeHTML : identity
// TODO: cache this function to avoid inline recreation
// of the same function over and over again in case
// translate() is used in a loop
@ -101,13 +107,9 @@ const L10n = {
function(a, b) {
const r = vars[b]
if (typeof r === 'string' || typeof r === 'number') {
if (allOptions.escape) {
return DOMPurify.sanitize(escapeHTML(r))
return optSanitize(optEscape(r))
} else {
return DOMPurify.sanitize(r)
}
} else {
return DOMPurify.sanitize(a)
return optSanitize(a)
}
}
)
@ -120,9 +122,9 @@ const L10n = {
}
if (typeof vars === 'object' || count !== undefined) {
return DOMPurify.sanitize(_build(translation, vars, count))
return optSanitize(_build(translation, vars, count))
} else {
return DOMPurify.sanitize(translation)
return optSanitize(translation)
}
},