Merge pull request #21126 from nextcloud/fix/make-translation-sanitization-optional-stable19

[stable19] Make the translation sanitization optional
2026-06-10 09:13:19 -04:00 · 2020-05-28 09:40:20 +02:00 · 2020-05-28 09:40:20 +02:00 · bdb9f31cf1
commit bdb9f31cf1
parent e33055a318 14b618bcaf
20 changed files with 161 additions and 119 deletions
--- a/apps/settings/js/vue-settings-personal-security.js
+++ b/apps/settings/js/vue-settings-personal-security.js
--- a/apps/settings/js/vue-settings-personal-security.js.map
+++ b/apps/settings/js/vue-settings-personal-security.js.map
--- a/apps/settings/src/components/AuthTokenSection.vue
+++ b/apps/settings/src/components/AuthTokenSection.vue
@ -21,7 +21,7 @@

 <template>
 	<div id="security" class="section">
-		<h2>{{ t('settings', 'Devices & sessions') }}</h2>
+		<h2>{{ t('settings', 'Devices & sessions', {}, undefined, {sanitize: false}) }}</h2>
 		<p class="settings-hint hidden-when-empty">
 			{{ t('settings', 'Web, desktop and mobile clients currently logged in to your account.') }}
 		</p>
--- a/core/js/dist/files_client.js
+++ b/core/js/dist/files_client.js
--- a/core/js/dist/files_client.js.map
+++ b/core/js/dist/files_client.js.map
--- a/core/js/dist/files_fileinfo.js
+++ b/core/js/dist/files_fileinfo.js
--- a/core/js/dist/files_fileinfo.js.map
+++ b/core/js/dist/files_fileinfo.js.map
--- a/core/js/dist/files_iedavclient.js
+++ b/core/js/dist/files_iedavclient.js
--- a/core/js/dist/files_iedavclient.js.map
+++ b/core/js/dist/files_iedavclient.js.map
--- a/core/js/dist/install.js
+++ b/core/js/dist/install.js
--- a/core/js/dist/install.js.map
+++ b/core/js/dist/install.js.map
--- a/core/js/dist/login.js
+++ b/core/js/dist/login.js
--- a/core/js/dist/login.js.map
+++ b/core/js/dist/login.js.map
--- a/core/js/dist/main.js
+++ b/core/js/dist/main.js
--- a/core/js/dist/main.js.map
+++ b/core/js/dist/main.js.map
--- a/core/js/dist/maintenance.js
+++ b/core/js/dist/maintenance.js
--- a/core/js/dist/maintenance.js.map
+++ b/core/js/dist/maintenance.js.map
--- a/core/js/dist/recommendedapps.js
+++ b/core/js/dist/recommendedapps.js
--- a/core/js/dist/recommendedapps.js.map
+++ b/core/js/dist/recommendedapps.js.map
--- a/core/src/OC/l10n.js
+++ b/core/src/OC/l10n.js
@ -12,6 +12,7 @@ import _ from 'underscore'
 import $ from 'jquery'
 import DOMPurify from 'dompurify'
 import Handlebars from 'handlebars'
+import identity from 'lodash/fp/identity'
 import escapeHTML from 'escape-html'

 import OC from './index'
@ -84,15 +85,20 @@ const L10n = {
 	 * @param {number} [count] number to replace %n with
 	 * @param {array} [options] options array
 	 * @param {bool} [options.escape=true] enable/disable auto escape of placeholders (by default enabled)
+	 * @param {bool} [options.sanitize=true] enable/disable sanitization (by default enabled)
 	 * @returns {string}
 	 */
 	translate: function(app, text, vars, count, options) {
 		const defaultOptions = {
 			escape: true,
+			sanitize: true,
 		}
 		const allOptions = options || {}
 		_.defaults(allOptions, defaultOptions)

+		const optSanitize = allOptions.sanitize ? DOMPurify.sanitize : identity
+		const optEscape = allOptions.escape ? escapeHTML : identity
+
 		// TODO: cache this function to avoid inline recreation
 		// of the same function over and over again in case
 		// translate() is used in a loop
@ -101,13 +107,9 @@ const L10n = {
 				function(a, b) {
 					const r = vars[b]
 					if (typeof r === 'string' || typeof r === 'number') {
-						if (allOptions.escape) {
-							return DOMPurify.sanitize(escapeHTML(r))
-						} else {
-							return DOMPurify.sanitize(r)
-						}
+						return optSanitize(optEscape(r))
 					} else {
-						return DOMPurify.sanitize(a)
+						return optSanitize(a)
 					}
 				}
 			)
@ -120,9 +122,9 @@ const L10n = {
 		}

 		if (typeof vars === 'object' || count !== undefined) {
-			return DOMPurify.sanitize(_build(translation, vars, count))
+			return optSanitize(_build(translation, vars, count))
 		} else {
-			return DOMPurify.sanitize(translation)
+			return optSanitize(translation)
 		}
 	},