1
0
mirror of https://github.com/LibreTranslate/LibreTranslate.git synced 2024-12-18 08:27:03 +02:00

Merge pull request from qgustavor/patch-1

Properly escape data in the request code
This commit is contained in:
Piero Toffanin 2021-12-09 09:37:03 -05:00 committed by GitHub
commit 714bc0fe8f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -145,9 +145,9 @@ document.addEventListener('DOMContentLoaded', function(){
return ['const res = await fetch("' + this.BaseUrl + '/translate", {', return ['const res = await fetch("' + this.BaseUrl + '/translate", {',
' method: "POST",', ' method: "POST",',
' body: JSON.stringify({', ' body: JSON.stringify({',
' q: "' + this.$options.filters.escape(this.inputText) + '",', ' q: ' + this.$options.filters.escape(this.inputText) + ',',
' source: "' + this.$options.filters.escape(this.sourceLang) + '",', ' source: ' + this.$options.filters.escape(this.sourceLang) + ',',
' target: "' + this.$options.filters.escape(this.targetLang) + '",', ' target: ' + this.$options.filters.escape(this.targetLang) + ',',
' format: "' + (this.isHtml ? "html" : "text") + '"', ' format: "' + (this.isHtml ? "html" : "text") + '"',
' }),', ' }),',
' headers: { "Content-Type": "application/json" }', ' headers: { "Content-Type": "application/json" }',
@ -167,7 +167,7 @@ document.addEventListener('DOMContentLoaded', function(){
}, },
filters: { filters: {
escape: function(v){ escape: function(v){
return v.replace('"', '\\\"'); return JSON.stringify(v);
}, },
highlight: function(v){ highlight: function(v){
return Prism.highlight(v, Prism.languages.javascript, 'javascript'); return Prism.highlight(v, Prism.languages.javascript, 'javascript');