krikkert/habitica
1
0
Fork 0
mirror of https://github.com/HabitRPG/habitica.git synced 2025-12-16 22:27:26 +01:00
Code Issues Packages Projects Releases Wiki Activity

Better XSS Fix (#12483)

Browse Source 
* Revert "fix(test): adjust expectations"

This reverts commit 205436d5b1.

* Revert "fix(escaping): global inoffensive apostrophe"

This reverts commit 2b8f94b244.

* change <%- to <%=

* fix interpolation only where necessary

* remove unused variable
This commit is contained in:
Matteo Pagliazzi
2020-08-20 20:41:46 +02:00
committed by GitHub
parent 8248c4ca4e
commit 9a07ba7417
1679 changed files with 67532 additions and 67548 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
website/common/script/i18n.js
View File

@@ -1,6 +1,5 @@
import isString from 'lodash/isString';
import clone from 'lodash/clone';
import forEach from 'lodash/forEach';
import template from 'lodash/template';
const i18n = {
@@ -37,16 +36,9 @@ function t (stringName) {
const clonedVars = clone(vars) || {};
forEach(clonedVars, (val, key) => {
if (typeof clonedVars[key] === 'string') {
clonedVars[key] = clonedVars[key].replace(/'/g, '');
}
});
clonedVars.locale = locale;
if (string) {
string = string.replace(/'/g, '');
try {
return template(string)(clonedVars);
} catch (_error) {