From bb2a0201c2631ce7644074ddf7358671c646da75 Mon Sep 17 00:00:00 2001 From: signavio-fghedina Date: Wed, 2 Feb 2022 15:29:50 +0100 Subject: [PATCH 1/4] shouldn't htmlEntities and htmlNumbers pass ? --- src/translate.js | 2 +- test/specs/i18n.spec.js | 7 +++++++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/src/translate.js b/src/translate.js index 7a6e90c..cd42a5b 100644 --- a/src/translate.js +++ b/src/translate.js @@ -184,7 +184,7 @@ export function escapeHtml(unsafe) { } // Used to match HTML entities and HTML characters. - const reUnescapedHtml = /[&<>"']/g + const reUnescapedHtml = /&(?![\w\#]+;)|[<>"']/g // Cast (null,undefined,[] and 0 to empty string => '') const reHasUnescapedHtml = RegExp(reUnescapedHtml.source) diff --git a/test/specs/i18n.spec.js b/test/specs/i18n.spec.js index 02c24d3..4dc0760 100644 --- a/test/specs/i18n.spec.js +++ b/test/specs/i18n.spec.js @@ -217,6 +217,13 @@ describe('i18n', () => { ) }) + it('should not escape html entities or html numbers', () => { + const str = '
& but also html entity_name &

and < are so called \'html entity_number"' + expect(escapeHtml(str)).toBe( + '<div> & but also html entity_name &<p> and < are so called 'html entity_number"' + ) + }) + it('should handle undefined values with markdown', () => { expect( i18n(undefined, { From 1dfee9d2ee53c2f70e58790487c2da588263b1bf Mon Sep 17 00:00:00 2001 From: signavio-fghedina Date: Wed, 2 Feb 2022 15:41:47 +0100 Subject: [PATCH 2/4] one small additional test --- test/specs/i18n.spec.js | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/test/specs/i18n.spec.js b/test/specs/i18n.spec.js index 4dc0760..f1631dd 100644 --- a/test/specs/i18n.spec.js +++ b/test/specs/i18n.spec.js @@ -223,6 +223,12 @@ describe('i18n', () => { '<div> & but also html entity_name &<p> and < are so called 'html entity_number"' ) }) + it('should not escape the already escaped', () => { + const str = '<div> & <p> are so called 'html tags"' + expect(escapeHtml(str)).toBe( + '<div> & <p> are so called 'html tags"' + ) + }) it('should handle undefined values with markdown', () => { expect( From 424cec5efee5232863c6a349e12deb596b9f4d7f Mon Sep 17 00:00:00 2001 From: signavio-fghedina Date: Wed, 2 Feb 2022 15:42:36 +0100 Subject: [PATCH 3/4] DRY :) --- test/specs/i18n.spec.js | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/test/specs/i18n.spec.js b/test/specs/i18n.spec.js index f1631dd..c42bf2c 100644 --- a/test/specs/i18n.spec.js +++ b/test/specs/i18n.spec.js @@ -225,9 +225,7 @@ describe('i18n', () => { }) it('should not escape the already escaped', () => { const str = '<div> & <p> are so called 'html tags"' - expect(escapeHtml(str)).toBe( - '<div> & <p> are so called 'html tags"' - ) + expect(escapeHtml(str)).toBe(str) }) it('should handle undefined values with markdown', () => { From 7c38fca1573edd2e1b94fcbb55ca719f087ba1e0 Mon Sep 17 00:00:00 2001 From: signavio-fghedina Date: Thu, 3 Feb 2022 09:10:34 +0100 Subject: [PATCH 4/4] more --- test/specs/i18n.spec.js | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/test/specs/i18n.spec.js b/test/specs/i18n.spec.js index c42bf2c..e8280f0 100644 --- a/test/specs/i18n.spec.js +++ b/test/specs/i18n.spec.js @@ -59,6 +59,17 @@ describe('i18n', () => { 'This is a success.' ) }) + it('should skip html entities/numbers using Markdown in translation messages', () => { + const t = i18n('Entity: • & number: à', { + test: 'success', + markdown: true, + }) + expect(React.isValidElement(t)).toBe(true) + const renderedHtml = ReactDOMServer.renderToStaticMarkup(t) + expect(renderedHtml).toBe( + 'Entity: • & number: à' + ) + }) it('should correctly escape interpolations when used with Markdown', () => { const t = i18n('This is a **__test__**.', {