Skip to content

Commit

Permalink
pkp/pkp-lib#9408 Permit escaping of mixed content when localizing str…
Browse files Browse the repository at this point in the history
…ings
  • Loading branch information
asmecher committed Jan 29, 2024
1 parent c742c09 commit 590aa4f
Show file tree
Hide file tree
Showing 3 changed files with 30 additions and 13 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -199,9 +199,11 @@ export default {
cancelLabel: this.__('common.no'),
modalName: 'delete',
title: this.deleteAnnouncementLabel,
message: this.replaceLocaleParams(this.confirmDeleteMessage, {
title: this.localize(announcement.title)
}),
message: this.replaceLocaleParams(
this.confirmDeleteMessage,
{title: this.localize(announcement.title)},
{htmlEscaping: true}
),
callback: () => {
var self = this;
$.ajax({
Expand Down
24 changes: 15 additions & 9 deletions src/components/ListPanel/emailTemplates/EmailTemplatesListItem.vue
Original file line number Diff line number Diff line change
Expand Up @@ -27,23 +27,29 @@
<list>
<list-item>
{{
replaceLocaleParams(this.subjectLabel, {
subject: item.subject
})
replaceLocaleParams(
this.subjectLabel,
{subject: item.subject},
{htmlEscaping: true}
)
}}
</list-item>
<list-item v-if="item.fromRoleId">
{{
replaceLocaleParams(this.fromLabel, {
value: getRoleLabel(item.fromRoleId)
})
replaceLocaleParams(
this.fromLabel,
{value: getRoleLabel(item.fromRoleId)},
{htmlEscaping: true}
)
}}
</list-item>
<list-item v-if="item.toRoleId">
{{
replaceLocaleParams(this.toLabel, {
value: getRoleLabel(item.toRoleId)
})
replaceLocaleParams(
this.toLabel,
{value: getRoleLabel(item.toRoleId)},
{htmlEscaping: true}
)
}}
</list-item>
<list-item
Expand Down
11 changes: 10 additions & 1 deletion src/mixins/global.js
Original file line number Diff line number Diff line change
Expand Up @@ -146,11 +146,20 @@ export default {
*
* @param {String} str String to replace params in
* @param {Object} params Key/value hash of params to replace
* @param {Object} [options={}]
* @param {boolean} [options.htmlEscaping=false] - Set to `true` to escape HTML content in param values.
* @return {String}
*/
replaceLocaleParams(str, params) {
replaceLocaleParams(str, params, options = {}) {
const {htmlEscaping} = options;

for (var param in params) {
let value = params[param];
if (htmlEscaping) {
var p = document.createElement('p');
p.innerText = value;
value = p.innerHTML;
}
// If a locale object is passed, take the value from the current locale
if (value === Object(value)) {
value = this.localize(value);
Expand Down

0 comments on commit 590aa4f

Please sign in to comment.