From 590aa4f89c79b6ef4ee15b12ac9e1551afd1894b Mon Sep 17 00:00:00 2001 From: Alec Smecher Date: Thu, 12 Oct 2023 16:12:01 -0700 Subject: [PATCH] pkp/pkp-lib#9408 Permit escaping of mixed content when localizing strings --- .../announcements/AnnouncementsListPanel.vue | 8 ++++--- .../emailTemplates/EmailTemplatesListItem.vue | 24 ++++++++++++------- src/mixins/global.js | 11 ++++++++- 3 files changed, 30 insertions(+), 13 deletions(-) diff --git a/src/components/ListPanel/announcements/AnnouncementsListPanel.vue b/src/components/ListPanel/announcements/AnnouncementsListPanel.vue index dcc1953ed..4e38ec290 100644 --- a/src/components/ListPanel/announcements/AnnouncementsListPanel.vue +++ b/src/components/ListPanel/announcements/AnnouncementsListPanel.vue @@ -199,9 +199,11 @@ export default { cancelLabel: this.__('common.no'), modalName: 'delete', title: this.deleteAnnouncementLabel, - message: this.replaceLocaleParams(this.confirmDeleteMessage, { - title: this.localize(announcement.title) - }), + message: this.replaceLocaleParams( + this.confirmDeleteMessage, + {title: this.localize(announcement.title)}, + {htmlEscaping: true} + ), callback: () => { var self = this; $.ajax({ diff --git a/src/components/ListPanel/emailTemplates/EmailTemplatesListItem.vue b/src/components/ListPanel/emailTemplates/EmailTemplatesListItem.vue index 226cb6589..81bb350a8 100644 --- a/src/components/ListPanel/emailTemplates/EmailTemplatesListItem.vue +++ b/src/components/ListPanel/emailTemplates/EmailTemplatesListItem.vue @@ -27,23 +27,29 @@ {{ - replaceLocaleParams(this.subjectLabel, { - subject: item.subject - }) + replaceLocaleParams( + this.subjectLabel, + {subject: item.subject}, + {htmlEscaping: true} + ) }} {{ - replaceLocaleParams(this.fromLabel, { - value: getRoleLabel(item.fromRoleId) - }) + replaceLocaleParams( + this.fromLabel, + {value: getRoleLabel(item.fromRoleId)}, + {htmlEscaping: true} + ) }} {{ - replaceLocaleParams(this.toLabel, { - value: getRoleLabel(item.toRoleId) - }) + replaceLocaleParams( + this.toLabel, + {value: getRoleLabel(item.toRoleId)}, + {htmlEscaping: true} + ) }}