Diffstat (limited to 'utils')
-rw-r--r-- | utils/html.go | 25 | ||||
-rw-r--r-- | utils/html_test.go | 53 |
2 files changed, 76 insertions, 2 deletions
diff --git a/utils/html.go b/utils/html.go index e6050f62a..dfbbe832d 100644 --- a/utils/html.go +++ b/utils/html.go @@ -93,8 +93,8 @@ func (t *HTMLTemplate) addDefaultProps() { t.Props["Organization"] = "" } - t.Html["EmailInfo"] = template.HTML(localT("api.templates.email_info", - map[string]interface{}{"SupportEmail": Cfg.SupportSettings.SupportEmail, "SiteName": Cfg.TeamSettings.SiteName})) + t.Html["EmailInfo"] = TranslateAsHtml(localT, "api.templates.email_info", + map[string]interface{}{"SupportEmail": Cfg.SupportSettings.SupportEmail, "SiteName": Cfg.TeamSettings.SiteName}) } func (t *HTMLTemplate) Render() string { @@ -116,5 +116,26 @@ func (t *HTMLTemplate) RenderToWriter(w http.ResponseWriter) error { l4g.Error(T("api.api.render.error"), t.TemplateName, err) return err } + return nil } + +func TranslateAsHtml(t i18n.TranslateFunc, translationID string, args map[string]interface{}) template.HTML { + return template.HTML(t(translationID, escapeForHtml(args))) +} + +func escapeForHtml(arg interface{}) interface{} { + switch typedArg := arg.(type) { + case string: + return template.HTMLEscapeString(typedArg) + case map[string]interface{}: + safeArg := make(map[string]interface{}, len(typedArg)) + for key, value := range typedArg { + safeArg[key] = escapeForHtml(value) + } + return safeArg + default: + l4g.Warn("Unable to escape value for HTML template %v", arg) + return "" + } +} diff --git a/utils/html_test.go b/utils/html_test.go new file mode 100644 index 000000000..8dc70242a --- /dev/null +++ b/utils/html_test.go 
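Review bot: The `default` branch of the new `escapeForHtml` in the second hunk replaces every value that is not a `string` or `map[string]interface{}` with `""` and writes the raw value to the log with `%v`, so a numeric count, a `nil` or a `map[string]string` argument silently disappears from the rendered message while a possibly sensitive value ends up in the log. Failing closed is the right default for unknown types, but values that cannot carry markup could be passed through with `case int, int64, float64, bool: return typedArg`, and the warning could record only the type: `l4g.Warn("Unable to escape value of type %T for HTML template", arg)`. `TranslateAsHtml` is exported without a doc comment; it should state that the translated string itself is emitted as trusted markup and only the arguments are escaped. The comment should also note that `template.HTMLEscapeString` protects element content and quoted attribute values but does not validate a URL scheme, which matters if a translation places an argument inside `href` or `src`. Both new functions are complete within the hunk; `RenderToWriter` begins outside it.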
@@ -0,0 +1,53 @@
+// Copyright (c) 2017-present Mattermost, Inc. All Rights Reserved.
+// See License.txt for license information.
+
+package utils
+
+import (
+ "html/template"
+ "testing"
+)
+
+func TestTranslateAsHtml(t *testing.T) {
+ TranslationsPreInit()
+
+ translateFunc := TfuncWithFallback("en")
+
+ expected := "To finish updating your email address for YOUR TEAM HERE, please click the link below to confirm this is the right address."
+ if actual := TranslateAsHtml(translateFunc, "api.templates.email_change_verify_body.info",
+ map[string]interface{}{"TeamDisplayName": "YOUR TEAM HERE"}); actual != template.HTML(expected) {
+ t.Fatalf("Incorrectly translated template, got %v, expected %v", actual, expected)
+ }
+
+ expected = "To finish updating your email address for <b>YOUR TEAM HERE</b>, please click the link below to confirm this is the right address."
+ if actual := TranslateAsHtml(translateFunc, "api.templates.email_change_verify_body.info",
+ map[string]interface{}{"TeamDisplayName": "<b>YOUR TEAM HERE</b>"}); actual != template.HTML(expected) {
+ t.Fatalf("Incorrectly translated template, got %v, expected %v", actual, expected)
+ }
+}
+
+func TestEscapeForHtml(t *testing.T) {
+ input := "abc"
+ expected := "abc"
+ if actual := escapeForHtml(input).(string); actual != expected {
+ t.Fatalf("incorrectly escaped %v, got %v expected %v", input, actual, expected)
+ }
+
+ input = "<b>abc</b>"
+ expected = "<b>abc</b>"
+ if actual := escapeForHtml(input).(string); actual != expected {
+ t.Fatalf("incorrectly escaped %v, got %v expected %v", input, actual, expected)
+ }
+
+ inputMap := map[string]interface{}{
+ "abc": "abc",
+ "123": "<b>123</b>",
+ }
+ expectedMap := map[string]interface{}{
+ "abc": "abc",
+ "123": "<b>123</b>",
+ }
+ if actualMap := escapeForHtml(inputMap).(map[string]interface{}); actualMap["abc"] != expectedMap["abc"] || actualMap["123"] != expectedMap["123"] {
+ t.Fatalf("incorrectly escaped %v, got %v expected %v", inputMap, 
actualMap, expectedMap)
+ }
+} |
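Review bot: Neither test exercises the `default` branch of `escapeForHtml` or a nested map, so the behaviour for a non-string argument (replaced by `""`) is not pinned; a case such as `if actual := escapeForHtml(42); actual != "" { t.Fatalf("expected empty string, got %v", actual) }` would document it. The string cases in `TestEscapeForHtml` cover only `<` and `>`; an input containing `&`, `"` and `'` would check the characters that matter inside attribute values. As displayed on this page the expected strings for the `<b>` inputs read identical to the inputs, which presumably reflects entity decoding by the page renderer rather than the committed file, so the expectations should be confirmed against the repository copy.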