Commit 08d83dc

committed

feat: use dompurify to sanitize translations

Pin same version of `dompurify` used in Theia

1 parent 86f4124 commit 08d83dcCopy full SHA for 08d83dc

File tree

4 files changed

+22

-11

lines changed

arduino-ide-extension
- package.json
- src/browser/dialogs
  - ide-updater
    - ide-updater-dialog.tsx
  - version-welcome-dialog.tsx
yarn.lock

4 files changed

+22

-11

lines changed

`‎arduino-ide-extension/package.json‎`

Lines changed: 1 addition & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -67,6 +67,7 @@`
`67`	`67`	`"cross-fetch": "^3.1.5",`
`68`	`68`	`"dateformat": "^3.0.3",`
`69`	`69`	`"deepmerge": "^4.2.2",`
	`70`	`+ "dompurify": "^2.4.7",`
`70`	`71`	`"drivelist": "^9.2.4",`
`71`	`72`	`"electron-updater": "^4.6.5",`
`72`	`73`	`"fast-deep-equal": "^3.1.3",`

`‎arduino-ide-extension/src/browser/dialogs/ide-updater/ide-updater-dialog.tsx‎`

Lines changed: 9 additions & 7 deletions

Original file line number	Diff line number	Diff line change
`@@ -17,6 +17,7 @@ import {`
`17`	`17`	`} from '../../../common/protocol/ide-updater';`
`18`	`18`	`import { LocalStorageService } from '@theia/core/lib/browser';`
`19`	`19`	`import { WindowService } from '@theia/core/lib/browser/window/window-service';`
	`20`	`+import { sanitize } from 'dompurify';`
`20`	`21`
`21`	`22`	`@injectable()`
`22`	`23`	`export class IDEUpdaterDialogProps extends DialogProps {}`
`@@ -173,9 +174,8 @@ export class IDEUpdaterDialog extends ReactDialog<UpdateInfo \| undefined> {`
`173`	`174`	`footer.appendChild(footerContent);`
`174`	`175`
`175`	`176`	`const footerLink = document.createElement('a');`
`176`		`- footerLink.innerText = nls.localize(`
`177`		`- 'arduino/ide-updater/donateLinkText',`
`178`		`- 'donate to support us'`
	`177`	`+ footerLink.innerText = sanitize(`
	`178`	`+ nls.localize('arduino/ide-updater/donateLinkText', 'donate to support us')`
`179`	`179`	`);`
`180`	`180`	`footerLink.classList.add('ide-updater-dialog--footer-link');`
`181`	`181`	`footerLink.onclick = () =>`
`@@ -190,10 +190,12 @@ export class IDEUpdaterDialog extends ReactDialog<UpdateInfo \| undefined> {`
`190`	`190`	`footerLink.appendChild(footerLinkIcon);`
`191`	`191`
`192`	`192`	`const placeholderKey = '%%link%%';`
`193`		`- const footerText = nls.localize(`
`194`		`- 'arduino/ide-updater/donateText',`
`195`		`- 'Open source is love, {0}',`
`196`		`- placeholderKey`
	`193`	`+ const footerText = sanitize(`
	`194`	`+ nls.localize(`
	`195`	`+ 'arduino/ide-updater/donateText',`
	`196`	`+ 'Open source is love, {0}',`
	`197`	`+ placeholderKey`
	`198`	`+ )`
`197`	`199`	`);`
`198`	`200`	`const placeholder = footerText.indexOf(placeholderKey);`
`199`	`201`	`if (placeholder !== -1) {`

`‎arduino-ide-extension/src/browser/dialogs/version-welcome-dialog.tsx‎`

Lines changed: 7 additions & 4 deletions

Original file line number	Diff line number	Diff line change
`@@ -6,6 +6,7 @@ import { nls } from '@theia/core';`
`6`	`6`	`import { DialogProps } from '@theia/core/lib/browser';`
`7`	`7`	`import { WindowService } from '@theia/core/lib/browser/window/window-service';`
`8`	`8`	`import { AppService } from '../app-service';`
	`9`	`+import { sanitize } from 'dompurify';`
`9`	`10`
`10`	`11`	`@injectable()`
`11`	`12`	`export class VersionWelcomeDialogProps extends DialogProps {}`
`@@ -87,10 +88,12 @@ export class VersionWelcomeDialog extends ReactDialog<void> {`
`87`	`88`	`const { appVersion } = appInfo;`
`88`	`89`
`89`	`90`	`if (appVersion) {`
`90`		`- this.titleNode.innerHTML = nls.localize(`
`91`		`- 'arduino/versionWelcome/titleWithVersion',`
`92`		`- 'Welcome to the new Arduino IDE {0}!',`
`93`		`- appVersion`
	`91`	`+ this.titleNode.innerText = sanitize(`
	`92`	`+ nls.localize(`
	`93`	`+ 'arduino/versionWelcome/titleWithVersion',`
	`94`	`+ 'Welcome to the new Arduino IDE {0}!',`
	`95`	`+ appVersion`
	`96`	`+ )`
`94`	`97`	`);`
`95`	`98`	`}`
`96`	`99`	`}`

`‎yarn.lock‎`

Lines changed: 5 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -5937,6 +5937,11 @@ dompurify@^2.2.9:`
`5937`	`5937`	`resolved "https://registry.yarnpkg.com/dompurify/-/dompurify-2.4.7.tgz#277adeb40a2c84be2d42a8bcd45f582bfa4d0cfc"`
`5938`	`5938`	`integrity sha512-kxxKlPEDa6Nc5WJi+qRgPbOAbgTpSULL+vI3NUXsZMlkJxTqYI9wg5ZTay2sFrdZRWHPWNi+EdAhcJf81WtoMQ==`
`5939`	`5939`
	`5940`	`+dompurify@^2.4.7:`
	`5941`	`+ version "2.5.7"`
	`5942`	`+ resolved "https://registry.yarnpkg.com/dompurify/-/dompurify-2.5.7.tgz#6e0d36b9177db5a99f18ade1f28579db5ab839d7"`
	`5943`	`+ integrity sha512-2q4bEI+coQM8f5ez7kt2xclg1XsecaV9ASJk/54vwlfRRNQfDqJz2pzQ8t0Ix/ToBpXlVjrRIx7pFC/o8itG2Q==`
	`5944`	`+`
`5940`	`5945`	`dot-case@^3.0.4:`
`5941`	`5946`	`version "3.0.4"`
`5942`	`5947`	`resolved "https://registry.yarnpkg.com/dot-case/-/dot-case-3.0.4.tgz#9b2b670d00a431667a8a75ba29cd1b98809ce751"`

0 commit comments

Comments

(0)

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Commit 08d83dc

File tree

4 files changed

4 files changed

`‎arduino-ide-extension/package.json‎`

`‎arduino-ide-extension/src/browser/dialogs/ide-updater/ide-updater-dialog.tsx‎`

`‎arduino-ide-extension/src/browser/dialogs/version-welcome-dialog.tsx‎`

`‎yarn.lock‎`

0 commit comments