Diffstat (limited to 'utils/html.go')
-rw-r--r--utils/html.go25
1 files changed, 23 insertions, 2 deletions
diff --git a/utils/html.go b/utils/html.go
index e6050f62a..dfbbe832d 100644
--- a/utils/html.go
+++ b/utils/html.go
@@ -93,8 +93,8 @@ func (t *HTMLTemplate) addDefaultProps() {
t.Props["Organization"] = ""
}
- t.Html["EmailInfo"] = template.HTML(localT("api.templates.email_info",
- map[string]interface{}{"SupportEmail": Cfg.SupportSettings.SupportEmail, "SiteName": Cfg.TeamSettings.SiteName}))
+ t.Html["EmailInfo"] = TranslateAsHtml(localT, "api.templates.email_info",
+ map[string]interface{}{"SupportEmail": Cfg.SupportSettings.SupportEmail, "SiteName": Cfg.TeamSettings.SiteName})
}
func (t *HTMLTemplate) Render() string {
@@ -116,5 +116,26 @@ func (t *HTMLTemplate) RenderToWriter(w http.ResponseWriter) error {
l4g.Error(T("api.api.render.error"), t.TemplateName, err)
return err
}
+
return nil
}
+
+func TranslateAsHtml(t i18n.TranslateFunc, translationID string, args map[string]interface{}) template.HTML {
+ return template.HTML(t(translationID, escapeForHtml(args)))
+}
+
+func escapeForHtml(arg interface{}) interface{} {
+ switch typedArg := arg.(type) {
+ case string:
+ return template.HTMLEscapeString(typedArg)
+ case map[string]interface{}:
+ safeArg := make(map[string]interface{}, len(typedArg))
+ for key, value := range typedArg {
+ safeArg[key] = escapeForHtml(value)
+ }
+ return safeArg
+ default:
+ l4g.Warn("Unable to escape value for HTML template %v", arg)
+ return ""
+ }
+}
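Review bot: The `default` branch of `escapeForHtml` returns `""` for every value that is not a string or a `map[string]interface{}`, so an integer count, a boolean or a nil entry passed through `TranslateAsHtml` disappears from the rendered text with only a warning. Values that cannot carry markup could pass through unchanged by adding `case int, int64, float64, bool: return typedArg` ahead of `default`, which keeps fail-closed behaviour for unknown types. The warning formats the rejected value with `%v`; `%T` would record the type without copying possibly user-supplied content into the log. The exported function also needs a doc comment that states the trust boundary, for example `// TranslateAsHtml returns the translation as trusted HTML; string values in args are HTML-escaped, the translation text itself is not.` Note that `template.HTMLEscapeString` covers element text and quoted attribute values only, so a translation that places an argument inside a URL attribute or a script block would still need context-specific handling.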