Do not double-encode HTML in i18n

This issue got introduced in 4bf7f86 due to double

Fixes https://github.com/PrivateBin/PrivateBin/issues/557
Fixes https://github.com/PrivateBin/PrivateBin/issues/558

Also _inverted_ the logic/variable name for containsNoLinks to
the more logical one "containsLinks" to avoid too many negations.

Also verified that the attachment name is stil properly displayed
when you clone a paste.
This commit is contained in:
rugk 2020-01-13 19:17:30 +01:00
parent 9aac073a49
commit 01414e43ca
No known key found for this signature in database
GPG Key ID: 05D40A636AFAB34D
3 changed files with 5 additions and 11 deletions

View File

@ -618,21 +618,15 @@ jQuery.PrivateBin = (function($, RawDeflate) {
args[0] = translations[messageId];
}
// messageID may contain links, but should be from a trusted source (code or translation JSON files)
let containsNoLinks = args[0].indexOf('<a') === -1;
for (let i = 0; i < args.length; ++i) {
// parameters (i > 0) may never contain HTML as they may come from untrusted parties
if (i > 0 || containsNoLinks) {
args[i] = Helper.htmlEntities(args[i]);
}
}
// messageID may contain links, but only the first parameter, as that is from a trusted source (code or translation JSON files)
let containsLinks = args[0].indexOf('<a') !== -1;
// format string
let output = Helper.sprintf.apply(this, args);
// if $element is given, apply text to element
if ($element !== null) {
if (containsNoLinks) {
if (!containsLinks) {
// avoid HTML entity encoding if translation contains links
$element.text(output);
} else {

View File

@ -72,7 +72,7 @@ endif;
?>
<script type="text/javascript" data-cfasync="false" src="js/purify-2.0.7.js" integrity="sha512-XjNEK1xwh7SJ/7FouwV4VZcGW9cMySL3SwNpXgrURLBcXXQYtZdqhGoNdEwx9vwLvFjUGDQVNgpOrTsXlSTiQg==" crossorigin="anonymous"></script>
<script type="text/javascript" data-cfasync="false" src="js/legacy.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-LYos+qXHIRqFf5ZPNphvtTB0cgzHUizu2wwcOwcwz/VIpRv9lpcBgPYz4uq6jx0INwCAj6Fbnl5HoKiLufS2jg==" crossorigin="anonymous"></script>
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-wizOnILU1zHsTf7zI5sUykY0+hYrw0b43LaJv16fudk4K7t+nx2u3jRuGdjwhMZVSLQKb0dgiJ/IpXTaOCZslQ==" crossorigin="anonymous"></script>
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-/d5+ju4pY94Jnb3o2poZNQRxKxJqgmbV4SojFKq/4Gzyz7ft99ptmhwho7pvSVggoh0xlOR3d8EV+sEr3gDxTA==" crossorigin="anonymous"></script>
<link rel="apple-touch-icon" href="img/apple-touch-icon.png?<?php echo rawurlencode($VERSION); ?>" sizes="180x180" />
<link rel="icon" type="image/png" href="img/favicon-32x32.png?<?php echo rawurlencode($VERSION); ?>" sizes="32x32" />
<link rel="icon" type="image/png" href="img/favicon-16x16.png?<?php echo rawurlencode($VERSION); ?>" sizes="16x16" />

View File

@ -50,7 +50,7 @@ endif;
?>
<script type="text/javascript" data-cfasync="false" src="js/purify-2.0.7.js" integrity="sha512-XjNEK1xwh7SJ/7FouwV4VZcGW9cMySL3SwNpXgrURLBcXXQYtZdqhGoNdEwx9vwLvFjUGDQVNgpOrTsXlSTiQg==" crossorigin="anonymous"></script>
<script type="text/javascript" data-cfasync="false" src="js/legacy.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-LYos+qXHIRqFf5ZPNphvtTB0cgzHUizu2wwcOwcwz/VIpRv9lpcBgPYz4uq6jx0INwCAj6Fbnl5HoKiLufS2jg==" crossorigin="anonymous"></script>
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-wizOnILU1zHsTf7zI5sUykY0+hYrw0b43LaJv16fudk4K7t+nx2u3jRuGdjwhMZVSLQKb0dgiJ/IpXTaOCZslQ==" crossorigin="anonymous"></script>
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-/d5+ju4pY94Jnb3o2poZNQRxKxJqgmbV4SojFKq/4Gzyz7ft99ptmhwho7pvSVggoh0xlOR3d8EV+sEr3gDxTA==" crossorigin="anonymous"></script>
<link rel="apple-touch-icon" href="img/apple-touch-icon.png?<?php echo rawurlencode($VERSION); ?>" sizes="180x180" />
<link rel="icon" type="image/png" href="img/favicon-32x32.png?<?php echo rawurlencode($VERSION); ?>" sizes="32x32" />
<link rel="icon" type="image/png" href="img/favicon-16x16.png?<?php echo rawurlencode($VERSION); ?>" sizes="16x16" />