Translations strings in single/double quoted HTML not escaped properly #3270

Closed
foosel opened this issue Sep 13, 2019 · 1 comment

@foosel
Owner

commented Sep 13, 2019

Problem

Things like

<select data-bind="options: printerProfiles.profiles.items, optionsText: 'name', optionsValue: 'id', value: printerProfile, optionsCaption: '{{ _('Select a printer profile...') }}'"></select>

combined with

msgid "Select a printer profile..."
msgstr "Sélectionner un profil d'imprimante..."

lead to invalid markup (note the single quote within the string)

<select data-bind="options: printerProfiles.profiles.items, optionsText: 'name', optionsValue: 'id', value: printerProfile, optionsCaption: 'Sélectionner un profil d'imprimante...'"></select>

causing binding issues and other shenanigans.

Solution

Escape all unescaped single/double quotes where needed via a custom Jinja filter.

Additional information

See also #3268 (comment), not a regression.
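
The quoting problem described in this issue, reproduced and checked in Python as an added example (not part of the issue and not OctoPrint's code): the function names, the shortened `data-bind` template and the checker are assumptions made for illustration. It goes one step beyond the issue text by also HTML-escaping the result, so a double quote in a translation cannot end the attribute.

```python
import html
from html.parser import HTMLParser

# Constructed sample: shortened binding from the issue plus its French msgstr.
TEMPLATE = '<select data-bind="value: printerProfile, optionsCaption: \'{caption}\'"></select>'
MSGSTR = "Sélectionner un profil d'imprimante..."


def escape_unescaped_quotes(text, quote="'"):
    """Hypothetical filter body: backslash-escape each `quote` not already escaped."""
    out, backslashes = [], 0
    for ch in text:
        if ch == quote and backslashes % 2 == 0:  # even run of backslashes: quote is live
            out.append("\\")
        out.append(ch)
        backslashes = backslashes + 1 if ch == "\\" else 0
    return "".join(out)


def js_string_in_attr(text):
    """JS-escape for the '...' literal, then HTML-escape for the "..." attribute."""
    return html.escape(escape_unescaped_quotes(text), quote=True)


class _BindGrabber(HTMLParser):
    bind = None

    def handle_starttag(self, tag, attrs):
        self.bind = dict(attrs).get("data-bind")


def caption_literal(markup):
    """Decoded optionsCaption string, or None if its literal ends early or never closes."""
    grabber = _BindGrabber()
    grabber.feed(markup)
    if not grabber.bind or "optionsCaption: '" not in grabber.bind:
        return None
    expr = grabber.bind.split("optionsCaption: '", 1)[1]
    chars, i = [], 0
    while i < len(expr):
        if expr[i] == "\\" and i + 1 < len(expr):
            chars.append(expr[i + 1])
            i += 2
        elif expr[i] == "'":
            return "".join(chars) if i == len(expr) - 1 else None
        else:
            chars.append(expr[i])
            i += 1
    return None
```

`caption_literal` returns `None` for the unescaped rendering because the string literal closes at the apostrophe in `d'imprimante`, and returns the full translation once the caption has passed through `js_string_in_attr`.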

@foosel foosel added this to the 1.3.13 milestone Sep 13, 2019
foosel added a commit that referenced this issue Sep 13, 2019
foosel added a commit that referenced this issue Sep 13, 2019
@foosel foosel modified the milestones: 1.3.13, 1.3.12 Sep 16, 2019
@foosel

Owner Author

commented Sep 16, 2019

While not a regression, still scheduled for 1.3.12rc2 due to usefulness.

@foosel foosel closed this in 93ae368 Oct 22, 2019