Skip to content
This repository has been archived by the owner on Jan 29, 2024. It is now read-only.

Commit

Permalink
feat(messageformat-support): enhancing for sanitization like default
Browse files Browse the repository at this point in the history
solves #441

This adds the same support for basic escaping like the default
interpolation service.
  • Loading branch information
knalli authored and 0x-r4bbit committed Apr 22, 2014
1 parent c69de7b commit ad01686
Show file tree
Hide file tree
Showing 2 changed files with 58 additions and 2 deletions.
37 changes: 35 additions & 2 deletions src/service/messageformat-interpolation.js
Original file line number Diff line number Diff line change
Expand Up @@ -14,11 +14,34 @@ angular.module('pascalprecht.translate')
*/
.factory('$translateMessageFormatInterpolation', function ($cacheFactory, TRANSLATE_MF_INTERPOLATION_CACHE) {

var $translateInterpolator = {};
var $translateInterpolator = {},
$cache = $cacheFactory.get(TRANSLATE_MF_INTERPOLATION_CACHE),
// instantiate with default locale (which is 'en')
$mf = new MessageFormat(),
$identifier = 'messageformat';
$identifier = 'messageformat',
$sanitizeValueStrategy = null,
// map of all sanitize strategies
sanitizeValueStrategies = {
escaped: function (params) {
var result = {};
for (var key in params) {
if (params.hasOwnProperty(key)) {
result[key] = angular.element('<div></div>').text(params[key]).html();
}
}
return result;
}
};

var sanitizeParams = function (params) {
var result;
if (angular.isFunction(sanitizeValueStrategies[$sanitizeValueStrategy])) {
result = sanitizeValueStrategies[$sanitizeValueStrategy](params);
} else {
result = params;
}
return result;
};

if (!$cache) {
// create cache if it doesn't exist already
Expand Down Expand Up @@ -59,6 +82,11 @@ angular.module('pascalprecht.translate')
return $identifier;
};

$translateInterpolator.useSanitizeValueStrategy = function (value) {
$sanitizeValueStrategy = value;
return this;
};

/**
* @ngdoc function
* @name pascalprecht.translate.$translateMessageFormatInterpolation#interpolate
Expand All @@ -72,6 +100,11 @@ angular.module('pascalprecht.translate')
$translateInterpolator.interpolate = function (string, interpolateParams) {

interpolateParams = interpolateParams || {};

if ($sanitizeValueStrategy) {
interpolateParams = sanitizeParams(interpolateParams);
}

var interpolatedText = $cache.get(string + angular.toJson(interpolateParams));

// if given string wasn't interpolated yet, we do so now and never have to do it again
Expand Down
23 changes: 23 additions & 0 deletions test/unit/service/messageformat-interpolation.spec.js
Original file line number Diff line number Diff line change
Expand Up @@ -125,5 +125,28 @@ describe('pascalprecht.translate', function () {
'NUM_ADDS': 3
})).toEqual('You and 2 others added this to their profiles.');
});

describe('should support sanitize strategies', function () {

it('disabled by default', function () {
expect($translateMessageFormatInterpolation.interpolate('The Doctor is a citizen of {world}!', {
world: 'Gallifrey'
})).toEqual('The Doctor is a citizen of Gallifrey!');
expect($translateMessageFormatInterpolation.interpolate('The Doctor is a citizen of {world}!', {
world: 'Gallifrey <span onclick="alert(\"EXTERMINATE\")">click me</span>'
})).toEqual('The Doctor is a citizen of Gallifrey <span onclick="alert("EXTERMINATE")">click me</span>!');
});

it('with strategy="escaped"', function () {
$translateMessageFormatInterpolation.useSanitizeValueStrategy('escaped');

expect($translateMessageFormatInterpolation.interpolate('The Doctor is a citizen of {world}!', {
world: 'Gallifrey <span onclick="alert(\"EXTERMINATE\")">click me</span>'
})).toEqual('The Doctor is a citizen of Gallifrey &lt;span onclick="alert("EXTERMINATE")"&gt;click me&lt;/span&gt;!');
$translateMessageFormatInterpolation.useSanitizeValueStrategy();

});

});
});
});

0 comments on commit ad01686

Please sign in to comment.