Merge pull request #1951 from NginxProxyManager/test-html-encode

Fix #1950 attempt to encode hdomain values before render
This commit is contained in:
jc21 2022-03-25 09:03:30 +10:00 committed by GitHub
commit 3538f9719f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 22 additions and 15 deletions

View File

@ -7,7 +7,7 @@
<form>
<div class="row">
<div class="col-sm-12 col-md-12">
<%= i18n('dead-hosts', 'delete-confirm', {domains: domain_names.join(', ')}) %>
<%= i18n('dead-hosts', 'delete-confirm', {domains: domain_names.join(', ').toHtmlEntities()}) %>
<% if (certificate_id) { %>
<br><br>
<%- i18n('ssl', 'delete-ssl') %>

View File

@ -7,7 +7,7 @@
<form>
<div class="row">
<div class="col-sm-12 col-md-12">
<%= i18n('proxy-hosts', 'delete-confirm', {domains: domain_names.join(', ')}) %>
<%= i18n('proxy-hosts', 'delete-confirm', {domains: domain_names.join(', ').toHtmlEntities()}) %>
<% if (certificate_id) { %>
<br><br>
<%- i18n('ssl', 'delete-ssl') %>

View File

@ -7,7 +7,7 @@
<form>
<div class="row">
<div class="col-sm-12 col-md-12">
<%= i18n('redirection-hosts', 'delete-confirm', {domains: domain_names.join(', ')}) %>
<%= i18n('redirection-hosts', 'delete-confirm', {domains: domain_names.join(', ').toHtmlEntities()}) %>
<% if (certificate_id) { %>
<br><br>
<%- i18n('ssl', 'delete-ssl') %>

View File

@ -7,7 +7,7 @@
<form>
<div class="row">
<div class="col-sm-12 col-md-12">
<%= i18n('users', 'delete-confirm', {name: name}) %>
<%= i18n('users', 'delete-confirm', {name: name.toHtmlEntities()}) %>
</div>
</div>
</form>

View File

@ -103,6 +103,13 @@ window.tabler = {
}
};
String.prototype.toHtmlEntities = function() {
return this.replace(/./gm, function(s) {
// return "&#" + s.charCodeAt(0) + ";";
return (s.match(/[a-z0-9\s]+/i)) ? s : "&#" + s.charCodeAt(0) + ";";
});
};
require('tabler-core');
const App = require('./app/main');

View File

@ -92,17 +92,17 @@ module.exports = {
]
},
{
test: /source-sans-pro.*\.(woff(2)?)(\?v=\d+\.\d+\.\d+)?$/,
use: [
{
loader: 'file-loader',
options: {
name: '[name].[ext]',
outputPath: 'assets/'
}
}
]
}
test: /source-sans-pro.*\.(woff(2)?)(\?v=\d+\.\d+\.\d+)?$/,
use: [
{
loader: 'file-loader',
options: {
name: '[name].[ext]',
outputPath: 'assets/'
}
}
]
}
]
},
plugins: [