Make the translation sanitization optional

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2026-04-21 14:23:17 -04:00 · 2020-05-14 15:03:45 +02:00 · 2020-05-14 15:03:45 +02:00 · 74db91910c
commit 74db91910c
parent a0771a389a
17 changed files with 141 additions and 139 deletions
--- a/core/js/dist/files_client.js
+++ b/core/js/dist/files_client.js
--- a/core/js/dist/files_client.js.map
+++ b/core/js/dist/files_client.js.map
--- a/core/js/dist/files_fileinfo.js
+++ b/core/js/dist/files_fileinfo.js
--- a/core/js/dist/files_fileinfo.js.map
+++ b/core/js/dist/files_fileinfo.js.map
--- a/core/js/dist/files_iedavclient.js
+++ b/core/js/dist/files_iedavclient.js
--- a/core/js/dist/files_iedavclient.js.map
+++ b/core/js/dist/files_iedavclient.js.map
--- a/core/js/dist/install.js
+++ b/core/js/dist/install.js
--- a/core/js/dist/install.js.map
+++ b/core/js/dist/install.js.map
--- a/core/js/dist/login.js
+++ b/core/js/dist/login.js
--- a/core/js/dist/login.js.map
+++ b/core/js/dist/login.js.map
--- a/core/js/dist/main.js
+++ b/core/js/dist/main.js
--- a/core/js/dist/main.js.map
+++ b/core/js/dist/main.js.map
--- a/core/js/dist/maintenance.js
+++ b/core/js/dist/maintenance.js
--- a/core/js/dist/maintenance.js.map
+++ b/core/js/dist/maintenance.js.map
--- a/core/js/dist/recommendedapps.js
+++ b/core/js/dist/recommendedapps.js
--- a/core/js/dist/recommendedapps.js.map
+++ b/core/js/dist/recommendedapps.js.map
--- a/core/src/OC/l10n.js
+++ b/core/src/OC/l10n.js
@ -12,6 +12,7 @@ import _ from 'underscore'
 import $ from 'jquery'
 import DOMPurify from 'dompurify'
 import Handlebars from 'handlebars'
+import identity from 'lodash/fp/identity'
 import escapeHTML from 'escape-html'

 import OC from './index'
@ -84,15 +85,20 @@ const L10n = {
 	 * @param {number} [count] number to replace %n with
 	 * @param {array} [options] options array
 	 * @param {bool} [options.escape=true] enable/disable auto escape of placeholders (by default enabled)
+	 * @param {bool} [options.sanitize=true] enable/disable sanitization (by default enabled)
 	 * @returns {string}
 	 */
 	translate: function(app, text, vars, count, options) {
 		const defaultOptions = {
 			escape: true,
+			sanitize: true,
 		}
 		const allOptions = options || {}
 		_.defaults(allOptions, defaultOptions)

+		const optSanitize = allOptions.sanitize ? DOMPurify.sanitize : identity
+		const optEscape = allOptions.escape ? escapeHTML : identity
+
 		// TODO: cache this function to avoid inline recreation
 		// of the same function over and over again in case
 		// translate() is used in a loop
@ -101,13 +107,9 @@ const L10n = {
 				function(a, b) {
 					const r = vars[b]
 					if (typeof r === 'string' || typeof r === 'number') {
-						if (allOptions.escape) {
-							return DOMPurify.sanitize(escapeHTML(r))
-						} else {
-							return DOMPurify.sanitize(r)
-						}
+						return optSanitize(optEscape(r))
 					} else {
-						return DOMPurify.sanitize(a)
+						return optSanitize(a)
 					}
 				}
 			)
@ -120,9 +122,9 @@ const L10n = {
 		}

 		if (typeof vars === 'object' || count !== undefined) {
-			return DOMPurify.sanitize(_build(translation, vars, count))
+			return optSanitize(_build(translation, vars, count))
 		} else {
-			return DOMPurify.sanitize(translation)
+			return optSanitize(translation)
 		}
 	},