mirror of
https://github.com/zulip/zulip.git
synced 2025-11-04 14:03:30 +00:00
The i18n.t function already escapes HTML, so we should avoid
calling jQuery's text() method, which double escapes the HTML.
The symptom reported here was that if you changed your
timezone to something like America/Mexico_City, you'd
see `&#x2F;` instead of `/`.
Most callers to the `ui_report` functions clearly call `i18n.t`
on the messages with code like this:
ui_report.success(i18n.t("No changes to save!"), status);
There are some exceptions:
blueslip.js: has really long hard coded messages
reload.js: mostly says "Reloading...", which perhaps we should
translate
settings_account.js: uses helper functions
settings_lab.js: uses local variable
settings_org.js: i18n happens in property_types
ui.js: uses generic_embed_error (unaffected by this change)
Fixes #7280
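var ui_report = (function () {

    var exports = {};

    /* Arguments used in the report_* functions are,
       response- response that we want to display
       status_box- element being used to display the response
       cls- class that we want to add/remove to/from the status_box
       type- used to define more complex logic for special cases (currently being
             used only for subscriptions-status) */

    /**
     * Show `response` inside `status_box` and make the box visible.
     *
     * SECURITY: `response` is written with jQuery's html(), so it is parsed as
     * markup, not text. Every caller must pass a string that is already
     * HTML-safe: i18n.t output (which escapes interpolated data) or data that
     * went through escape() below. Raw server or user-supplied strings must
     * not reach this function unescaped.
     *
     * @param {string} response - HTML-safe message to display.
     * @param {Object} status_box - jQuery element that displays the message.
     * @param {string} [cls='alert'] - class added to status_box.
     * @param {string} [type=' '] - 'subscriptions-status' targets the
     *     '#response' child instead of status_box itself.
     */
    exports.message = function (response, status_box, cls, type) {
        if (cls === undefined) {
            cls = 'alert';
        }

        if (type === undefined) {
            type = ' ';
        }

        // Note we use html() below, since we can rely on our callers escaping HTML
        // via i18n.t when interpolating data.
        var target = status_box.removeClass(common.status_classes).addClass(cls);
        if (type === 'subscriptions-status') {
            target = target.children('#response');
        }
        target.html(response).stop(true).fadeTo(0, 1);

        status_box.addClass("show");
    };

    /**
     * HTML-escape a value so it can be concatenated into markup that is later
     * passed to html().
     *
     * The ampersand is replaced first; otherwise the entities produced by the
     * later replacements would themselves be re-escaped, and text that already
     * looks like an entity (e.g. a literal "&lt;" in a server message) would be
     * rendered as the character it names instead of as written.
     *
     * @param {*} html - value to escape; converted with toString().
     * @returns {string} the escaped text.
     */
    function escape(html) {
        return html
            .toString()
            .replace(/&/g, '&amp;')
            .replace(/</g, '&lt;')
            .replace(/>/g, '&gt;')
            .replace(/"/g, '&quot;')
            .replace(/'/g, '&#039;');
    }

    /**
     * Show an error in `status_box`, appending the server's message for 4XX
     * responses.
     *
     * `response` follows the same HTML-safe contract as exports.message. The
     * server-supplied `msg` is untrusted text and is always passed through
     * escape() before it is appended.
     *
     * @param {string} response - HTML-safe message prefix.
     * @param {Object} [xhr] - request object with `status` and `responseText`.
     * @param {Object} status_box - jQuery element that displays the message.
     * @param {string} [type] - forwarded to exports.message.
     */
    exports.error = function (response, xhr, status_box, type) {
        if (xhr && xhr.status.toString().charAt(0) === "4") {
            // Only display the error response for 4XX, where we've crafted
            // a nice response.
            var server_msg;
            try {
                server_msg = JSON.parse(xhr.responseText).msg;
            } catch (e) {
                // The body is not the JSON we expect (it may not come from
                // our own handler); fall back to the caller's message alone
                // rather than failing to show any error at all.
                server_msg = undefined;
            }
            if (server_msg !== undefined && server_msg !== null) {
                response += ": " + escape(server_msg);
            }
        }

        exports.message(response, status_box, 'alert-error', type);
    };

    /**
     * Show a success message in `status_box`.
     *
     * @param {string} response - HTML-safe message (see exports.message).
     * @param {Object} status_box - jQuery element that displays the message.
     * @param {string} [type] - forwarded to exports.message.
     */
    exports.success = function (response, status_box, type) {
        exports.message(response, status_box, 'alert-success', type);
    };

    /**
     * Append an error bar to every `.alert-box` element.
     *
     * NOTE(review): `error` is concatenated into markup and set with html()
     * without escaping, so callers are responsible for passing trusted or
     * already-escaped HTML.
     *
     * @param {string} error - HTML placed inside the bar's content div.
     */
    exports.generic_embed_error = function (error) {
        var $alert = $("<div class='alert home-error-bar'></div>");
        var exit_html = "<div class='exit'></div>";
        var content_html = "<div class='content'>" + error + "</div>";

        $(".alert-box").append($alert.html(exit_html + content_html).addClass("show"));
    };

    /**
     * Start fading `$target` out, then remove its visibility classes.
     *
     * @param {Object} $target - jQuery element to hide.
     */
    exports.hide_error = function ($target) {
        $target.addClass("fade-out");

        // presumably 300ms matches the CSS fade-out duration; confirm against the stylesheet
        setTimeout(function () {
            $target.removeClass("show fade-out");
        }, 300);
    };

    /**
     * Make `$target` visible by adding the "show" class.
     *
     * @param {Object} $target - jQuery element to show.
     */
    exports.show_error = function ($target) {
        $target.addClass("show");
    };

    return exports;

}());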
// When a CommonJS `module` object exists, expose ui_report through it;
// otherwise this statement does nothing.
if (typeof module !== 'undefined') {
    module.exports = ui_report;
}