
Commit 440bed8

committed
Fix XSS vulnerability
1 parent eeb8fe1 commit 440bed8


1 file changed

+12
-1
lines changed

1 file changed

+12
-1
lines changed

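--- a/js/src/common/Translator.ts
+++ b/js/src/common/Translator.tsx
@@ -48,12 +48,23 @@ export default class Translator {
 // future there should be a hook here to inspect the user and change the
 // translation key. This will allow a gender property to determine which
 // translation key is used.
+
 if ('user' in parameters) {
 const user = extract(parameters, 'user');
 
 if (!parameters.username) parameters.username = username(user);
 }
-return parameters;
+
+const escapedParameters: TranslatorParameters = {};
+
+for (const param in parameters) {
+const paramValue = parameters[param];
+
+if (typeof paramValue === 'string') escapedParameters[param] = <>{parameters[param]}</>;
+else escapedParameters[param] = parameters[param];
+}
+
+return escapedParameters;
 }
 
 trans(id: string, parameters: TranslatorParameters = {}) {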
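Review bot: The new loop wraps only values where `typeof paramValue === 'string'`, so every other value (arrays, objects with a custom `toString`, vnodes built by callers) is copied into `escapedParameters` unchanged. Whether any of those can still carry user-controlled markup into the rendered translation depends on the formatter and the callers, which are outside this hunk, so it is worth confirming and pinning with a regression test that passes a string parameter containing markup and asserts it is rendered as text. The loop also reads `paramValue` and then indexes `parameters[param]` twice more; `escapedParameters[param] = typeof paramValue === 'string' ? <>{paramValue}</> : paramValue;` says the same in one line. Because this wrap is the escaping boundary, I would add a comment above the loop such as `// Wrap plain strings in a fragment so they are rendered as text and never interpreted as HTML.` The enclosing method's signature is above the hunk, so its declared return type and any callers that expect plain string values back are not visible here.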
