From a49e647de390e85163972524b0604ca19967ed5c Mon Sep 17 00:00:00 2001
From: Julian Lam <julian@nodebb.org>
Date: Fri, 24 Mar 2017 14:46:51 -0400
Subject: [PATCH 1/2] fixes #5545 again

---
 src/controllers/api.js | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/controllers/api.js b/src/controllers/api.js
index 92a063e88e..d0975c71fa 100644
--- a/src/controllers/api.js
+++ b/src/controllers/api.js
@@ -73,9 +73,9 @@ apiController.getConfig = function (req, res, next) {
 
 	config.cookies = {
 		enabled: parseInt(meta.config.cookieConsentEnabled, 10) === 1,
-		message: translator.escape(validator.escape(meta.config.cookieConsentMessage) || '[[global:cookies.message]]').replace(/\\/g, '\\\\'),
-		dismiss: translator.escape(validator.escape(meta.config.cookieConsentDismiss) || '[[global:cookies.accept]]').replace(/\\/g, '\\\\'),
-		link: translator.escape(validator.escape(meta.config.cookieConsentLink) || '[[global:cookies.learn_more]]').replace(/\\/g, '\\\\'),
+		message: translator.escape(validator.escape(meta.config.cookieConsentMessage || '[[global:cookies.message]]')).replace(/\\/g, '\\\\'),
+		dismiss: translator.escape(validator.escape(meta.config.cookieConsentDismiss || '[[global:cookies.accept]]')).replace(/\\/g, '\\\\'),
+		link: translator.escape(validator.escape(meta.config.cookieConsentLink || '[[global:cookies.learn_more]]')).replace(/\\/g, '\\\\'),
 	};
 
 	async.waterfall([

From a1f87a5d7f75f804d7348b3e0b4aff224a7128a5 Mon Sep 17 00:00:00 2001
From: Julian Lam <julian@nodebb.org>
Date: Fri, 24 Mar 2017 15:52:33 -0400
Subject: [PATCH 2/2] added tests for #5545

---
 test/controllers.js | 44 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 44 insertions(+)

diff --git a/test/controllers.js b/test/controllers.js
index e86ae0c00e..e1a3537994 100644
--- a/test/controllers.js
+++ b/test/controllers.js
@@ -1017,6 +1017,50 @@ describe('Controllers', function () {
 		});
 	});
 
+	describe('cookie consent', function () {
+		it('should return relevant data in configs API route', function (done) {
+			request(nconf.get('url') + '/api/config', function (err, res, body) {
+				var parsed;
+				assert.ifError(err);
+				assert.equal(res.statusCode, 200);
+
+				try {
+					parsed = JSON.parse(body);
+				} catch (e) {
+					assert.ifError(e);
+				}
+
+				assert.ok(parsed.cookies);
+				assert.equal('\\\\[\\\\[global:cookies.message\\\\]\\\\]', parsed.cookies.message);
+				assert.equal('\\\\[\\\\[global:cookies.accept\\\\]\\\\]', parsed.cookies.dismiss);
+				assert.equal('\\\\[\\\\[global:cookies.learn_more\\\\]\\\\]', parsed.cookies.link);
+
+				done();
+			});
+		});
+
+		it('response should be parseable when entries have apostrophes', function (done) {
+			meta.configs.set('cookieConsentMessage', 'Julian\'s Message', function (err) {
+				assert.ifError(err);
+
+				request(nconf.get('url') + '/api/config', function (err, res, body) {
+					var parsed;
+					assert.ifError(err);
+					assert.equal(res.statusCode, 200);
+
+					try {
+						parsed = JSON.parse(body);
+					} catch (e) {
+						assert.ifError(e);
+					}
+
+					assert.equal('Julian&#x27;s Message', parsed.cookies.message);
+					done();
+				});
+			});
+		});
+	});
+
 	after(function (done) {
 		var analytics = require('../src/analytics');
 		analytics.writeData(function (err) {