hyperzlib
/
nodebb
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

closes #6212

Browse Source
v1.18.x
Barış Soner Uşaklı 7 years ago
parent 2c8cef6e92
commit 2f3b7279be
5 changed files with 16 additions and 7 deletions
Show Stats Download Patch File Download Diff File

4
install/package.json
Unescape Escape View File

@ -69,9 +69,9 @@
"nodebb-plugin-spam-be-gone": "0.5.1", "nodebb-plugin-spam-be-gone": "0.5.1",
"nodebb-rewards-essentials": "0.0.9", "nodebb-rewards-essentials": "0.0.9",
"nodebb-theme-lavender": "5.0.0", "nodebb-theme-lavender": "5.0.0",
"nodebb-theme-persona": "7.2.10", "nodebb-theme-persona": "7.2.11",
"nodebb-theme-slick": "1.1.2", "nodebb-theme-slick": "1.1.2",
"nodebb-theme-vanilla": "8.1.4", "nodebb-theme-vanilla": "8.1.5",
"nodebb-widget-essentials": "4.0.1", "nodebb-widget-essentials": "4.0.1",
"nodemailer": "4.4.1", "nodemailer": "4.4.1",
"passport": "^0.4.0", "passport": "^0.4.0",

2
public/language/en-GB/pages.json
Unescape Escape View File

@ -22,7 +22,7 @@
"notifications": "Notifications", "notifications": "Notifications",
"tags": "Tags", "tags": "Tags",
"tag": "Topics tagged under \"%1\"", "tag": "Topics tagged under "%1"",
"register": "Register an account", "register": "Register an account",
"registration-complete": "Registration complete", "registration-complete": "Registration complete",
"login": "Login to your account", "login": "Login to your account",

6
public/src/modules/translator.js
Unescape Escape View File

@ -41,13 +41,11 @@
var assign = Object.assign || jQuery.extend; var assign = Object.assign || jQuery.extend;
function escapeHTML(str) { function escapeHTML(str) {
return utils.decodeHTMLEntities( return utils.escapeHTML(utils.decodeHTMLEntities(
String(str) String(str)
.replace(/[\s\xa0]+/g, ' ') .replace(/[\s\xa0]+/g, ' ')
.replace(/^\s+|\s+$/g, '') .replace(/^\s+|\s+$/g, '')
).replace(/[<>]/g, function (c) { ));
return c === '<' ? '&lt;' : '&gt;';
});
} }
var Translator = (function () { var Translator = (function () {

2
src/topics/tags.js
Unescape Escape View File

@ -2,6 +2,7 @@
'use strict'; 'use strict';
var async = require('async'); var async = require('async');
var validator = require('validator');
var db = require('../database'); var db = require('../database');
var meta = require('../meta'); var meta = require('../meta');
@ -191,6 +192,7 @@ module.exports = function (Topics) {
}, },
function (tagData, next) { function (tagData, next) {
tags.forEach(function (tag, index) { tags.forEach(function (tag, index) {
tag.valueEscaped = validator.escape(String(tag.value));
tag.color = tagData[index] ? tagData[index].color : ''; tag.color = tagData[index] ? tagData[index].color : '';
tag.bgColor = tagData[index] ? tagData[index].bgColor : ''; tag.bgColor = tagData[index] ? tagData[index].bgColor : '';
}); });

9
test/translator.js
Unescape Escape View File

@ -114,6 +114,15 @@ describe('new Translator(language)', function () {
}); });
}); });
it('should not unescape html in parameters', function () {
var translator = Translator.create('en-GB');
var key = '[[pages:tag, some&amp;tag]]';
return translator.translate(key).then(function (translated) {
assert.strictEqual(translated, 'Topics tagged under &quot;some&amp;tag&quot;');
});
});
it('should properly escape and ignore % and \\, in arguments', function () { it('should properly escape and ignore % and \\, in arguments', function () {
var translator = Translator.create('en-GB'); var translator = Translator.create('en-GB');

Write Preview
Loading…
Cancel
Save