diff options
| author | Christoph Wurst <christoph@winzerhof-wurst.at> | 2020-05-14 15:03:45 +0200 |
|---|---|---|
| committer | Christoph Wurst <christoph@winzerhof-wurst.at> | 2020-05-27 15:55:40 +0200 |
| commit | 539e46a07e6d3b7fe8dc8a50601a4d7552022eba (patch) | |
| tree | cfee442b73db3aadab152fa8588b728d70c1d871 /core/src/OC | |
| parent | 03a1932b1561a9b70f63fbbf494cbb9fa7f1e59f (diff) | |
| download | nextcloud-server-539e46a07e6d3b7fe8dc8a50601a4d7552022eba.tar.gz nextcloud-server-539e46a07e6d3b7fe8dc8a50601a4d7552022eba.zip | |
Make the translation sanitization optional
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
Diffstat (limited to 'core/src/OC')
| -rw-r--r-- | core/src/OC/l10n.js | 18 |
1 files changed, 10 insertions, 8 deletions
diff --git a/core/src/OC/l10n.js b/core/src/OC/l10n.js index 5ada257d858..6495f514c7d 100644 --- a/core/src/OC/l10n.js +++ b/core/src/OC/l10n.js @@ -12,6 +12,7 @@ import _ from 'underscore' import $ from 'jquery' import DOMPurify from 'dompurify' import Handlebars from 'handlebars' +import identity from 'lodash/fp/identity' import escapeHTML from 'escape-html' import OC from './index' @@ -84,15 +85,20 @@ const L10n = { * @param {number} [count] number to replace %n with * @param {array} [options] options array * @param {bool} [options.escape=true] enable/disable auto escape of placeholders (by default enabled) + * @param {bool} [options.sanitize=true] enable/disable sanitization (by default enabled) * @returns {string} */ translate: function(app, text, vars, count, options) { const defaultOptions = { escape: true, + sanitize: true, } const allOptions = options || {} _.defaults(allOptions, defaultOptions) + const optSanitize = allOptions.sanitize ? DOMPurify.sanitize : identity + const optEscape = allOptions.escape ? escapeHTML : identity + // TODO: cache this function to avoid inline recreation // of the same function over and over again in case // translate() is used in a loop @@ -101,13 +107,9 @@ const L10n = { function(a, b) { const r = vars[b] if (typeof r === 'string' || typeof r === 'number') { - if (allOptions.escape) { - return DOMPurify.sanitize(escapeHTML(r)) - } else { - return DOMPurify.sanitize(r) - } + return optSanitize(optEscape(r)) } else { - return DOMPurify.sanitize(a) + return optSanitize(a) } } ) @@ -120,9 +122,9 @@ const L10n = { } if (typeof vars === 'object' || count !== undefined) { - return DOMPurify.sanitize(_build(translation, vars, count)) + return optSanitize(_build(translation, vars, count)) } else { - return DOMPurify.sanitize(translation) + return optSanitize(translation) } }, |