Fix #1950 attempt to encode hdomain values before render

2022-03-25 08:31:28 +10:00 · 2022-03-25 08:31:28 +10:00 · feaafdc559
commit feaafdc559
parent eb148eb8f0
6 changed files with 22 additions and 15 deletions
--- a/frontend/js/app/nginx/dead/delete.ejs
+++ b/frontend/js/app/nginx/dead/delete.ejs
@ -7,7 +7,7 @@
        <form>
            <div class="row">
                <div class="col-sm-12 col-md-12">
-                    <%= i18n('dead-hosts', 'delete-confirm', {domains: domain_names.join(', ')}) %>
+                    <%= i18n('dead-hosts', 'delete-confirm', {domains: domain_names.join(', ').toHtmlEntities()}) %>
                    <% if (certificate_id) { %>
                        <br><br>
                        <%- i18n('ssl', 'delete-ssl') %>
--- a/frontend/js/app/nginx/proxy/delete.ejs
+++ b/frontend/js/app/nginx/proxy/delete.ejs
@ -7,7 +7,7 @@
        <form>
            <div class="row">
                <div class="col-sm-12 col-md-12">
-                    <%= i18n('proxy-hosts', 'delete-confirm', {domains: domain_names.join(', ')}) %>
+                    <%= i18n('proxy-hosts', 'delete-confirm', {domains: domain_names.join(', ').toHtmlEntities()}) %>
                    <% if (certificate_id) { %>
                        <br><br>
                        <%- i18n('ssl', 'delete-ssl') %>
--- a/frontend/js/app/nginx/redirection/delete.ejs
+++ b/frontend/js/app/nginx/redirection/delete.ejs
@ -7,7 +7,7 @@
        <form>
            <div class="row">
                <div class="col-sm-12 col-md-12">
-                    <%= i18n('redirection-hosts', 'delete-confirm', {domains: domain_names.join(', ')}) %>
+                    <%= i18n('redirection-hosts', 'delete-confirm', {domains: domain_names.join(', ').toHtmlEntities()}) %>
                    <% if (certificate_id) { %>
                        <br><br>
                        <%- i18n('ssl', 'delete-ssl') %>
--- a/frontend/js/app/user/delete.ejs
+++ b/frontend/js/app/user/delete.ejs
@ -7,7 +7,7 @@
        <form>
            <div class="row">
                <div class="col-sm-12 col-md-12">
-                    <%= i18n('users', 'delete-confirm', {name: name}) %>
+                    <%= i18n('users', 'delete-confirm', {name: name.toHtmlEntities()}) %>
                </div>
            </div>
        </form>
--- a/frontend/js/index.js
+++ b/frontend/js/index.js
@ -103,6 +103,13 @@ window.tabler = {
    }
 };
 String.prototype.toHtmlEntities = function() {
    return this.replace(/./gm, function(s) {
        // return "&#" + s.charCodeAt(0) + ";";
        return (s.match(/[a-z0-9\s]+/i)) ? s : "&#" + s.charCodeAt(0) + ";";
    });
 };
 require('tabler-core');
 const App = require('./app/main');
--- a/frontend/webpack.config.js
+++ b/frontend/webpack.config.js
@ -92,17 +92,17 @@ module.exports = {
 				]
 			},
 			{
-        test: /source-sans-pro.*\.(woff(2)?)(\?v=\d+\.\d+\.\d+)?$/,
+				test: /source-sans-pro.*\.(woff(2)?)(\?v=\d+\.\d+\.\d+)?$/,
-        use: [
+				use: [
-          {
+					{
-            loader: 'file-loader',
+					loader: 'file-loader',
-            options: {
+					options: {
-              name: '[name].[ext]',
+						name: '[name].[ext]',
-              outputPath: 'assets/'
+						outputPath: 'assets/'
-            }
+					}
-          }
+					}
-        ]
+				]
-      }
+			}
 		]
 	},
 	plugins:   [