Infra-Mirrors/PrivateBin
1
0
Fork 0
mirror of https://github.com/PrivateBin/PrivateBin.git synced 2025-07-24 23:35:26 -04:00
Code Issues Projects Releases Packages Wiki Activity

Do not double-encode HTML in i18n

Browse source 
This issue got introduced in 4bf7f86 due to double

Fixes https://github.com/PrivateBin/PrivateBin/issues/557
Fixes https://github.com/PrivateBin/PrivateBin/issues/558

Also _inverted_ the logic/variable name for containsNoLinks to
the more logical one "containsLinks" to avoid too many negations.

Also verified that the attachment name is stil properly displayed
when you clone a paste.
This commit is contained in:
rugk 2020-01-13 19:17:30 +01:00
parent 9aac073a49
commit 01414e43ca
No known key found for this signature in database
GPG key ID: 05D40A636AFAB34D
3 changed files with 5 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

12
js/privatebin.js
View file

@ -618,21 +618,15 @@ jQuery.PrivateBin = (function($, RawDeflate) {
args[0] = translations[messageId];
}
// messageID may contain links, but should be from a trusted source (code or translation JSON files)
let containsNoLinks = args[0].indexOf('<a') === -1;
for (let i = 0; i < args.length; ++i) {
// parameters (i > 0) may never contain HTML as they may come from untrusted parties
if (i > 0 || containsNoLinks) {
args[i] = Helper.htmlEntities(args[i]);
}
}
// messageID may contain links, but only the first parameter, as that is from a trusted source (code or translation JSON files)
let containsLinks = args[0].indexOf('<a') !== -1;
// format string
let output = Helper.sprintf.apply(this, args);
// if $element is given, apply text to element
if ($element !== null) {
if (containsNoLinks) {
if (!containsLinks) {
// avoid HTML entity encoding if translation contains links
$element.text(output);
} else {