Skip to content

Commit

Permalink
Escape translations and keep key for Loading
Browse files Browse the repository at this point in the history
  • Loading branch information
fflorent committed Nov 18, 2024
1 parent e19a3ae commit 7fe7d10
Show file tree
Hide file tree
Showing 3 changed files with 16 additions and 12 deletions.
24 changes: 14 additions & 10 deletions app/server/lib/sendAppPage.ts
Original file line number Diff line number Diff line change
Expand Up @@ -27,9 +27,13 @@ import jsesc from 'jsesc';
import * as path from 'path';
import { difference, trimEnd } from 'lodash';

const translate = (req: express.Request, key: string, args?: any) => req.t(`sendAppPage.${key}`, args)?.toString();
const { escapeExpression } = handlebars.Utils;

const translateEscaped = (req: express.Request, key: string, args?: any) => {
const res = req.t(`sendAppPage.${key}`, args)?.toString();
return res ? escapeExpression(res) : res;
};

export interface ISendAppPageOptions {
path: string; // Ignored if .content is present (set to "" for clarity).
content?: string;
Expand Down Expand Up @@ -176,7 +180,7 @@ export function makeSendAppPage({ server, staticDir, tag, testLogin, baseDomain
).join('\n');
const content = fileContent
.replace("<!-- INSERT WARNING -->", warning)
.replace("<!-- INSERT TITLE -->", getDocName(config) ?? translate(req, 'Loading...'))
.replace("<!-- INSERT TITLE -->", getDocName(config) ?? escapeExpression(translateEscaped(req, 'Loading')))
.replace("<!-- INSERT META -->", getPageMetadataHtmlSnippet(req, config))
.replace("<!-- INSERT TITLE SUFFIX -->", getPageTitleSuffix(server.getGristConfig()))
.replace("<!-- INSERT BASE -->", `<base href="${staticBaseUrl}">` + tagManagerSnippet)
Expand Down Expand Up @@ -291,21 +295,21 @@ function getPageMetadataHtmlSnippet(req: express.Request, config: GristLoadConfi

metadataElements.push('<meta property="og:type" content="website">');
metadataElements.push('<meta name="twitter:card" content="summary_large_image">');
const description = maybeDoc?.options?.description ?? translate(req, 'og-description');
const escapedDescription = escapeExpression(description);
metadataElements.push(`<meta name="description" content="${escapedDescription}">`);
metadataElements.push(`<meta property="og:description" content="${escapedDescription}">`);
metadataElements.push(`<meta name="twitter:description" content="${escapedDescription}">`);

const description = maybeDoc?.options?.description ?
escapeExpression(maybeDoc.options.description) :
translateEscaped(req, 'og-description');
metadataElements.push(`<meta name="description" content="${description}">`);
metadataElements.push(`<meta property="og:description" content="${description}">`);
metadataElements.push(`<meta name="twitter:description" content="${description}">`);

const image = escapeExpression(maybeDoc?.options?.icon ?? commonUrls.openGraphPreviewImage);
metadataElements.push(`<meta name="thumbnail" content="${image}">`);
metadataElements.push(`<meta property="og:image" content="${image}">`);
metadataElements.push(`<meta name="twitter:image" content="${image}">`);

const maybeDocTitle = getDocName(config);
const title = escapeExpression(
maybeDocTitle ? maybeDocTitle + getPageTitleSuffix(config) : translate(req, 'og-title')
);
const title = maybeDocTitle ? maybeDocTitle + getPageTitleSuffix(config) : translateEscaped(req, 'og-title');
// NB: We don't generate the content of the <title> tag here.
metadataElements.push(`<meta property="og:title" content="${title}">`);
metadataElements.push(`<meta name="twitter:title" content="${title}">`);
Expand Down
2 changes: 1 addition & 1 deletion static/locales/en.server.json
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"sendAppPage": {
"Loading...": "Loading...",
"Loading": "Loading...",
"og-description": "A modern, open source spreadsheet that goes beyond the grid",
"og-title": "Grist, the evolution of spreadsheets"
},
Expand Down
2 changes: 1 addition & 1 deletion static/locales/fr.server.json
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
{
"sendAppPage": {
"Loading...": "Chargement..."
"Loading": "Chargement..."
}
}

0 comments on commit 7fe7d10

Please sign in to comment.