From 2fcbafa72d56df186465d5d29d1455dbf93d6190 Mon Sep 17 00:00:00 2001
From: Paulo Reis
Date: Fri, 28 Jul 2017 17:30:57 +0100
Subject: [PATCH 1/3] Add HTML encoder lib.

---
 services/web/package.json | 1 +
 1 file changed, 1 insertion(+)

diff --git a/services/web/package.json b/services/web/package.json
index eac07a06e5..14c7f00070 100644
--- a/services/web/package.json
+++ b/services/web/package.json
@@ -41,6 +41,7 @@
 "mongojs": "2.4.0",
 "mongoose": "4.11.4",
 "multer": "^0.1.8",
+ "node-html-encoder": "0.0.2",
 "nodemailer": "2.1.0",
 "nodemailer-sendgrid-transport": "^0.2.0",
 "nodemailer-ses-transport": "^1.3.0",

From 4849c705de8368d036639cf3ecb5b884d7f9023d Mon Sep 17 00:00:00 2001
From: Paulo Reis
Date: Fri, 28 Jul 2017 17:31:28 +0100
Subject: [PATCH 2/3] Optionally ask the translate local method to HTML encode; use it in the problematic tooltip.

---
 services/web/app/coffee/infrastructure/ExpressLocals.coffee | 6 ++++--
 services/web/app/views/project/editor/editor.pug | 2 +-
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/services/web/app/coffee/infrastructure/ExpressLocals.coffee b/services/web/app/coffee/infrastructure/ExpressLocals.coffee
index 4c6b3a7722..498127cdbd 100644
--- a/services/web/app/coffee/infrastructure/ExpressLocals.coffee
+++ b/services/web/app/coffee/infrastructure/ExpressLocals.coffee
@@ -11,6 +11,7 @@ async = require("async")
 Modules = require "./Modules"
 Url = require "url"
 PackageVersions = require "./PackageVersions"
+htmlEncoder = new require("node-html-encoder").Encoder("numerical")
 fingerprints = {}
 Path = require 'path'
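Review bot: The added line `htmlEncoder = new require("node-html-encoder").Encoder("numerical")` relies on how CoffeeScript attaches `new` to a chained call expression, which a reader has to stop and work out and which is easy to get wrong when the line is later edited; the conventional two-step form is `{Encoder} = require "node-html-encoder"` followed by `htmlEncoder = new Encoder("numerical")`. The encoder mode string also deserves a comment, since this module-level instance is what `res.locals.translate` later applies to translated text; something like `# entity-encodes special characters as numeric references (&#NN;) — confirm against the node-html-encoder docs` would do. The hunk's old-side count (6) is one more than the context lines visible here, so a blank context line was probably lost when the patch was collapsed.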
@@ -151,9 +152,10 @@ module.exports = (app, webRouter, privateApiRouter, publicApiRouter)->
 next()
 webRouter.use (req, res, next)->
- res.locals.translate = (key, vars = {}) ->
+ res.locals.translate = (key, vars = {}, htmlEncode = false) ->
 vars.appName = Settings.appName
- req.i18n.translate(key, vars)
+ str = req.i18n.translate(key, vars)
+ if htmlEncode then htmlEncoder.htmlEncode(str) else str
 # Don't include the query string parameters, otherwise Google
 # treats ?nocdn=true as the canonical version
 res.locals.currentUrl = Url.parse(req.originalUrl).pathname
diff --git a/services/web/app/views/project/editor/editor.pug b/services/web/app/views/project/editor/editor.pug
index 8b58c98bcd..6007f2e0be 100644
--- a/services/web/app/views/project/editor/editor.pug
+++ b/services/web/app/views/project/editor/editor.pug
@@ -82,7 +82,7 @@ div.full-size(
 i.fa.fa-long-arrow-right
 br
 a.btn.btn-default.btn-xs(
- tooltip-html="'"+translate('go_to_pdf_location_in_code')+"'"
+ tooltip-html="'"+translate('go_to_pdf_location_in_code', {}, true)+"'"
 tooltip-placement="right"
 tooltip-append-to-body="true"
 ng-click="syncToCode()"

From b5486155c0e1e411c9f7a65fcbd864e15fec629a Mon Sep 17 00:00:00 2001
From: Paulo Reis
Date: Mon, 31 Jul 2017 14:01:22 +0100
Subject: [PATCH 3/3] Update shrinkwrap to include the HTML encoder.

---
 services/web/npm-shrinkwrap.json | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/services/web/npm-shrinkwrap.json b/services/web/npm-shrinkwrap.json
index a8357be7fd..6f6d9e475e 100644
--- a/services/web/npm-shrinkwrap.json
+++ b/services/web/npm-shrinkwrap.json
@@ -2728,6 +2728,11 @@
 "from": "node-forge@0.2.24",
 "resolved": "https://registry.npmjs.org/node-forge/-/node-forge-0.2.24.tgz"
 },
+ "node-html-encoder": {
+ "version": "0.0.2",
+ "from": "node-html-encoder@0.0.2",
+ "resolved": "https://registry.npmjs.org/node-html-encoder/-/node-html-encoder-0.0.2.tgz"
+ },
 "node-pre-gyp": {
 "version": "0.6.30",
 "from": "node-pre-gyp@0.6.30",
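Review bot: The new `htmlEncode` branch in `res.locals.translate` carries no comment saying which output context it is for, and the only caller in this series (the editor.pug hunk) uses it to place a translation inside a single-quoted Angular expression in a `tooltip-html` attribute, so the encoding is doing double duty as quote-escaping for an expression and as HTML for the tooltip body. A line above the new parameter such as `# htmlEncode: entity-encode the translated text for attributes that render it as HTML (e.g. tooltip-html); this is not a general-purpose escape for JS or Angular string literals — confirm per call site` would keep the next maintainer from reusing the flag for a plain-text context, where the entities would show up literally. The bare positional `true` is also hard to read at call sites (`translate(key, {}, true)`); if the signature is revisited, an options object (`translate key, vars, {htmlEncode: true}`) reads better. The enclosing `webRouter.use` callback starts at the hunk's top and continues past its end.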
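Review bot: In `tooltip-html="'"+translate('go_to_pdf_location_in_code', {}, true)+"'"` the encoder's output is concatenated into a Pug `=` attribute, which (if I read Pug's default attribute escaping correctly) escapes the `&` of each entity to `&amp;`, so the value only comes out right because the tooltip directive later treats the decoded attribute as HTML and decodes the entities a second time. That chain is not obvious from the template, so an unbuffered comment on the line above the element, e.g. `//- translate(..., {}, true) entity-encodes the text so quotes cannot end the single-quoted Angular string; tooltip-html renders it as HTML`, would record why the third argument is there. Whether the same encoding is safe for a text-only attribute like `tooltip` cannot be told from this hunk, so the comment should say it is specific to `tooltip-html`.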