Explicitely escape user data in translations to avoid XSS

This commit is contained in:
Bat
2018-06-26 17:58:11 +02:00
parent a7b246b726
commit a8b47de28b
5 changed files with 8 additions and 8 deletions
+4 -4
View File
@@ -60,13 +60,13 @@ msgstr ""
msgid "Let's go!"
msgstr ""
msgid "Welcome on {{ instance_name }}"
msgid "Welcome on {{ instance_name | escape }}"
msgstr ""
msgid "Notifications"
msgstr ""
msgid "Written by {{ link_1 }}{{ url }}{{ link_2 }}{{ name }}{{ link_3 }}"
msgid "Written by {{ link_1 }}{{ url }}{{ link_2 }}{{ name | escape }}{{ link_3 }}"
msgstr ""
msgid "This article is under the {{ license }} license."
@@ -180,7 +180,7 @@ msgstr ""
msgid "Update account"
msgstr ""
msgid "{{ name }}'s followers"
msgid "{{ name | escape }}'s followers"
msgstr ""
msgid "Followers"
@@ -249,7 +249,7 @@ msgstr ""
msgid "You need to be logged in order to edit your profile"
msgstr ""
msgid "By {{ link_1 }}{{ link_2 }}{{ link_3 }}{{ name }}{{ link_4 }}"
msgid "By {{ link_1 }}{{ link_2 }}{{ link_3 }}{{ name | escape }}{{ link_4 }}"
msgstr ""
msgid "{{ data }} reshared your article"