From feaafdc5596633267a0a248d966b4ce275c958c4 Mon Sep 17 00:00:00 2001 From: Jamie Curnow Date: Fri, 25 Mar 2022 08:31:28 +1000 Subject: [PATCH] Fix #1950 attempt to encode hdomain values before render --- frontend/js/app/nginx/dead/delete.ejs | 2 +- frontend/js/app/nginx/proxy/delete.ejs | 2 +- frontend/js/app/nginx/redirection/delete.ejs | 2 +- frontend/js/app/user/delete.ejs | 2 +- frontend/js/index.js | 7 +++++++ frontend/webpack.config.js | 22 ++++++++++---------- 6 files changed, 22 insertions(+), 15 deletions(-) diff --git a/frontend/js/app/nginx/dead/delete.ejs b/frontend/js/app/nginx/dead/delete.ejs index cf720e8..4bebb43 100644 --- a/frontend/js/app/nginx/dead/delete.ejs +++ b/frontend/js/app/nginx/dead/delete.ejs @@ -7,7 +7,7 @@
- <%= i18n('dead-hosts', 'delete-confirm', {domains: domain_names.join(', ')}) %> + <%= i18n('dead-hosts', 'delete-confirm', {domains: domain_names.join(', ').toHtmlEntities()}) %> <% if (certificate_id) { %>

<%- i18n('ssl', 'delete-ssl') %> diff --git a/frontend/js/app/nginx/proxy/delete.ejs b/frontend/js/app/nginx/proxy/delete.ejs index 2fe099f..74da297 100644 --- a/frontend/js/app/nginx/proxy/delete.ejs +++ b/frontend/js/app/nginx/proxy/delete.ejs @@ -7,7 +7,7 @@
- <%= i18n('proxy-hosts', 'delete-confirm', {domains: domain_names.join(', ')}) %> + <%= i18n('proxy-hosts', 'delete-confirm', {domains: domain_names.join(', ').toHtmlEntities()}) %> <% if (certificate_id) { %>

<%- i18n('ssl', 'delete-ssl') %> diff --git a/frontend/js/app/nginx/redirection/delete.ejs b/frontend/js/app/nginx/redirection/delete.ejs index 8353d1b..782d843 100644 --- a/frontend/js/app/nginx/redirection/delete.ejs +++ b/frontend/js/app/nginx/redirection/delete.ejs @@ -7,7 +7,7 @@
- <%= i18n('redirection-hosts', 'delete-confirm', {domains: domain_names.join(', ')}) %> + <%= i18n('redirection-hosts', 'delete-confirm', {domains: domain_names.join(', ').toHtmlEntities()}) %> <% if (certificate_id) { %>

<%- i18n('ssl', 'delete-ssl') %> diff --git a/frontend/js/app/user/delete.ejs b/frontend/js/app/user/delete.ejs index 484e278..c10532e 100644 --- a/frontend/js/app/user/delete.ejs +++ b/frontend/js/app/user/delete.ejs @@ -7,7 +7,7 @@
- <%= i18n('users', 'delete-confirm', {name: name}) %> + <%= i18n('users', 'delete-confirm', {name: name.toHtmlEntities()}) %>
diff --git a/frontend/js/index.js b/frontend/js/index.js index bfaa017..3d817d7 100644 --- a/frontend/js/index.js +++ b/frontend/js/index.js @@ -103,6 +103,13 @@ window.tabler = { } }; +String.prototype.toHtmlEntities = function() { + return this.replace(/./gm, function(s) { + // return "&#" + s.charCodeAt(0) + ";"; + return (s.match(/[a-z0-9\s]+/i)) ? s : "&#" + s.charCodeAt(0) + ";"; + }); +}; + require('tabler-core'); const App = require('./app/main'); diff --git a/frontend/webpack.config.js b/frontend/webpack.config.js index 01a09da..05350a4 100644 --- a/frontend/webpack.config.js +++ b/frontend/webpack.config.js @@ -92,17 +92,17 @@ module.exports = { ] }, { - test: /source-sans-pro.*\.(woff(2)?)(\?v=\d+\.\d+\.\d+)?$/, - use: [ - { - loader: 'file-loader', - options: { - name: '[name].[ext]', - outputPath: 'assets/' - } - } - ] - } + test: /source-sans-pro.*\.(woff(2)?)(\?v=\d+\.\d+\.\d+)?$/, + use: [ + { + loader: 'file-loader', + options: { + name: '[name].[ext]', + outputPath: 'assets/' + } + } + ] + } ] }, plugins: [