Merge pull request #6525 from overleaf/jpa-harden-translations-sanitize

[web] scripts/translations: sanitize: double down on angular xss

GitOrigin-RevId: d08deab392942e593e920e648118f0e196af1740
This commit is contained in:
Timothée Alby 2022-02-02 11:24:45 +01:00 committed by Copybot
parent 58cf92620a
commit 22ee7d6da2

View file

@ -25,6 +25,9 @@ function sanitize(input) {
a: ['href', 'class'], a: ['href', 'class'],
}, },
textFilter(text) { textFilter(text) {
// Block Angular XSS
if (text === '{') return '{'
if (text === '}') return '}'
return text return text
.replace(/\{\{/, '{{') .replace(/\{\{/, '{{')
.replace(/\}\}/, '}}') .replace(/\}\}/, '}}')