mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge pull request #21126 from nextcloud/fix/make-translation-sanitization-optional-stable19 

[stable19] Make the translation sanitization optional
This commit is contained in:
Christoph Wurst 2020-05-28 09:40:20 +02:00 committed by GitHub
parent e33055a318 14b618bcaf
commit bdb9f31cf1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
20 changed files with 161 additions and 119 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
apps/settings/js/vue-settings-personal-security.js
View File

File diff suppressed because one or more lines are too long

2
apps/settings/js/vue-settings-personal-security.js.map
View File

File diff suppressed because one or more lines are too long

2
apps/settings/src/components/AuthTokenSection.vue
View File

@ -21,7 +21,7 @@
<template> <template>
<div id="security" class="section"> <div id="security" class="section">
<h2>{{ t('settings', 'Devices & sessions') }}</h2> <h2>{{ t('settings', 'Devices & sessions', {}, undefined, {sanitize: false}) }}</h2>
<p class="settings-hint hidden-when-empty"> <p class="settings-hint hidden-when-empty">
{{ t('settings', 'Web, desktop and mobile clients currently logged in to your account.') }} {{ t('settings', 'Web, desktop and mobile clients currently logged in to your account.') }}
</p> </p>

33
core/js/dist/files_client.js vendored Normal file
View File

File diff suppressed because one or more lines are too long

1
core/js/dist/files_client.js.map vendored Normal file
View File

File diff suppressed because one or more lines are too long

2
core/js/dist/files_fileinfo.js vendored Normal file
View File

File diff suppressed because one or more lines are too long

1
core/js/dist/files_fileinfo.js.map vendored Normal file
View File

File diff suppressed because one or more lines are too long

2
core/js/dist/files_iedavclient.js vendored Normal file
View File

File diff suppressed because one or more lines are too long

1
core/js/dist/files_iedavclient.js.map vendored Normal file
View File

File diff suppressed because one or more lines are too long

32
core/js/dist/install.js vendored
View File

File diff suppressed because one or more lines are too long

2
core/js/dist/install.js.map vendored
View File

File diff suppressed because one or more lines are too long

38
core/js/dist/login.js vendored
View File

File diff suppressed because one or more lines are too long

2
core/js/dist/login.js.map vendored
View File

File diff suppressed because one or more lines are too long

98
core/js/dist/main.js vendored
View File

File diff suppressed because one or more lines are too long

2
core/js/dist/main.js.map vendored
View File

File diff suppressed because one or more lines are too long

32
core/js/dist/maintenance.js vendored
View File

File diff suppressed because one or more lines are too long

2
core/js/dist/maintenance.js.map vendored
View File

File diff suppressed because one or more lines are too long

4
core/js/dist/recommendedapps.js vendored
View File

File diff suppressed because one or more lines are too long

2
core/js/dist/recommendedapps.js.map vendored
View File

File diff suppressed because one or more lines are too long

18
core/src/OC/l10n.js
View File

@ -12,6 +12,7 @@ import _ from 'underscore'
import $ from 'jquery' import $ from 'jquery'
import DOMPurify from 'dompurify' import DOMPurify from 'dompurify'
import Handlebars from 'handlebars' import Handlebars from 'handlebars'
import identity from 'lodash/fp/identity'
import escapeHTML from 'escape-html' import escapeHTML from 'escape-html'
import OC from './index' import OC from './index'
@ -84,15 +85,20 @@ const L10n = {
* @param {number} [count] number to replace %n with * @param {number} [count] number to replace %n with
* @param {array} [options] options array * @param {array} [options] options array
* @param {bool} [options.escape=true] enable/disable auto escape of placeholders (by default enabled) * @param {bool} [options.escape=true] enable/disable auto escape of placeholders (by default enabled)
* @param {bool} [options.sanitize=true] enable/disable sanitization (by default enabled)
* @returns {string} * @returns {string}
*/ */
translate: function(app, text, vars, count, options) { translate: function(app, text, vars, count, options) {
const defaultOptions = { const defaultOptions = {
escape: true, escape: true,
sanitize: true,
} }
const allOptions = options || {} const allOptions = options || {}
_.defaults(allOptions, defaultOptions) _.defaults(allOptions, defaultOptions)
const optSanitize = allOptions.sanitize ? DOMPurify.sanitize : identity
const optEscape = allOptions.escape ? escapeHTML : identity
// TODO: cache this function to avoid inline recreation // TODO: cache this function to avoid inline recreation
// of the same function over and over again in case // of the same function over and over again in case
// translate() is used in a loop // translate() is used in a loop
@ -101,13 +107,9 @@ const L10n = {
function(a, b) { function(a, b) {
const r = vars[b] const r = vars[b]
if (typeof r === 'string' || typeof r === 'number') { if (typeof r === 'string' || typeof r === 'number') {
if (allOptions.escape) { return optSanitize(optEscape(r))
return DOMPurify.sanitize(escapeHTML(r))
} else { } else {
return DOMPurify.sanitize(r) return optSanitize(a)
}
} else {
return DOMPurify.sanitize(a)
} }
} }
) )
@ -120,9 +122,9 @@ const L10n = {
} }
if (typeof vars === 'object' || count !== undefined) { if (typeof vars === 'object' || count !== undefined) {
return DOMPurify.sanitize(_build(translation, vars, count)) return optSanitize(_build(translation, vars, count))
} else { } else {
return DOMPurify.sanitize(translation) return optSanitize(translation)
} }
}, },