From 6ca443a2556e5d4bade9a9ef7d6d877bf1d6fc45 Mon Sep 17 00:00:00 2001
From: Harrison Healey <harrisonmhealey@gmail.com>
Date: Tue, 5 Sep 2017 17:39:45 -0400
Subject: PLT-7522 Cleaned up translation of templates (#7351)

* PLT-7522 Cleaned up translation of templates

* Added unit tests

* Changed TranslateAsHtml to not be variadic
---
 utils/html.go | 25 +++++++++++++++++++++++--
 1 file changed, 23 insertions(+), 2 deletions(-)

(limited to 'utils/html.go')

diff --git a/utils/html.go b/utils/html.go
index e6050f62a..dfbbe832d 100644
--- a/utils/html.go
+++ b/utils/html.go
@@ -93,8 +93,8 @@ func (t *HTMLTemplate) addDefaultProps() {
 		t.Props["Organization"] = ""
 	}
 
-	t.Html["EmailInfo"] = template.HTML(localT("api.templates.email_info",
-		map[string]interface{}{"SupportEmail": Cfg.SupportSettings.SupportEmail, "SiteName": Cfg.TeamSettings.SiteName}))
+	t.Html["EmailInfo"] = TranslateAsHtml(localT, "api.templates.email_info",
+		map[string]interface{}{"SupportEmail": Cfg.SupportSettings.SupportEmail, "SiteName": Cfg.TeamSettings.SiteName})
 }
 
 func (t *HTMLTemplate) Render() string {
@@ -116,5 +116,26 @@ func (t *HTMLTemplate) RenderToWriter(w http.ResponseWriter) error {
 		l4g.Error(T("api.api.render.error"), t.TemplateName, err)
 		return err
 	}
+
 	return nil
 }
+
+func TranslateAsHtml(t i18n.TranslateFunc, translationID string, args map[string]interface{}) template.HTML {
+	return template.HTML(t(translationID, escapeForHtml(args)))
+}
+
+func escapeForHtml(arg interface{}) interface{} {
+	switch typedArg := arg.(type) {
+	case string:
+		return template.HTMLEscapeString(typedArg)
+	case map[string]interface{}:
+		safeArg := make(map[string]interface{}, len(typedArg))
+		for key, value := range typedArg {
+			safeArg[key] = escapeForHtml(value)
+		}
+		return safeArg
+	default:
+		l4g.Warn("Unable to escape value for HTML template %v", arg)
+		return ""
+	}
+}
-- 
cgit v1.2.3-1-g7c22