Infra-Mirrors/PrivateBin
1
0
Fork 0
mirror of https://github.com/PrivateBin/PrivateBin.git synced 2025-05-02 14:36:08 -04:00
Code Issues Projects Releases Packages Wiki Activity

Partial revert "Do not double-encode HTML in i18n", only revert the removal of required encoding logic - still has to be moved

Browse source 
This reverts commit 01414e43ca.
This commit is contained in:
El RIDO 2020-01-18 07:20:05 +01:00
parent 76eff6a87a
commit cec5cb41d7
No known key found for this signature in database
GPG key ID: 0F5C940A6BD81F92
3 changed files with 9 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

8
js/privatebin.js
View file

@ -614,8 +614,14 @@ jQuery.PrivateBin = (function($, RawDeflate) {
args[0] = translations[messageId];
}
// messageID may contain links, but only the first parameter, as that is from a trusted source (code or translation JSON files)
// messageID may contain links, but should be from a trusted source (code or translation JSON files)
let containsLinks = args[0].indexOf('<a') !== -1;
for (let i = 0; i < args.length; ++i) {
// parameters (i > 0) may never contain HTML as they may come from untrusted parties
if (i > 0 || containsNoLinks) {
args[i] = Helper.htmlEntities(args[i]);
}
}
// format string
let output = Helper.sprintf.apply(this, args);