From 01414e43ca22a8b0e7a2689f72552baf688dd310 Mon Sep 17 00:00:00 2001 From: rugk Date: Mon, 13 Jan 2020 19:17:30 +0100 Subject: [PATCH] Do not double-encode HTML in i18n This issue got introduced in 4bf7f86 due to double Fixes https://github.com/PrivateBin/PrivateBin/issues/557 Fixes https://github.com/PrivateBin/PrivateBin/issues/558 Also _inverted_ the logic/variable name for containsNoLinks to the more logical one "containsLinks" to avoid too many negations. Also verified that the attachment name is stil properly displayed when you clone a paste. --- js/privatebin.js | 12 +++--------- tpl/bootstrap.php | 2 +- tpl/page.php | 2 +- 3 files changed, 5 insertions(+), 11 deletions(-) diff --git a/js/privatebin.js b/js/privatebin.js index dc02e8fd..c83d8ffb 100644 --- a/js/privatebin.js +++ b/js/privatebin.js @@ -618,21 +618,15 @@ jQuery.PrivateBin = (function($, RawDeflate) { args[0] = translations[messageId]; } - // messageID may contain links, but should be from a trusted source (code or translation JSON files) - let containsNoLinks = args[0].indexOf(' 0) may never contain HTML as they may come from untrusted parties - if (i > 0 || containsNoLinks) { - args[i] = Helper.htmlEntities(args[i]); - } - } + // messageID may contain links, but only the first parameter, as that is from a trusted source (code or translation JSON files) + let containsLinks = args[0].indexOf(' - + diff --git a/tpl/page.php b/tpl/page.php index 865b0295..0f8df184 100644 --- a/tpl/page.php +++ b/tpl/page.php @@ -50,7 +50,7 @@ endif; ?> - +