mirror/php-flarum
1
0
Fork 0
mirror of https://github.com/flarum/core.git synced 2025-10-14 00:15:51 +02:00
Code Issues Releases Wiki Activity

Bump ICU MessageFormat (#3122)

Browse Source 
This uses `Intl.PluralRules` for plural rules, and fixes a security vulnerability allowing JS injection through translation arguments.
This commit is contained in:
Alexander Skvortsov
2021-10-27 16:41:49 -04:00
committed by GitHub
parent db6c8b8774
commit e550b15cea
3 changed files with 22 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
js/src/common/Translator.tsx
View File

@@ -55,16 +55,7 @@ export default class Translator {
if (!parameters.username) parameters.username = username(user);
}
const escapedParameters: TranslatorParameters = {};
for (const param in parameters) {
const paramValue = parameters[param];
if (typeof paramValue === 'string') escapedParameters[param] = <>{parameters[param]}</>;
else escapedParameters[param] = parameters[param];
}
return escapedParameters;
return parameters;
}
trans(id: string, parameters: TranslatorParameters = {}) {