pkp/pkp-lib#9408 Permit escaping of mixed content when localizing strings

asmecher · asmecher · commit 155053173040 · 2023-10-12T16:12:01.000-07:00
diff --git a/src/components/ListPanel/announcements/AnnouncementsListPanel.vue b/src/components/ListPanel/announcements/AnnouncementsListPanel.vue
@@ -199,9 +199,13 @@ export default {
 				cancelLabel: this.__('common.no'),
 				modalName: 'delete',
 				title: this.deleteAnnouncementLabel,
-				message: this.replaceLocaleParams(this.confirmDeleteMessage, {
-					title: this.localize(announcement.title)
-				}),
+				message: this.replaceLocaleParams(
+					this.confirmDeleteMessage,
+					{
+						title: this.localize(announcement.title)
+					},
+					true
+				),
 				callback: () => {
 					var self = this;
 					$.ajax({
diff --git a/src/components/ListPanel/emailTemplates/EmailTemplatesListItem.vue b/src/components/ListPanel/emailTemplates/EmailTemplatesListItem.vue
@@ -27,23 +27,35 @@
 			<list>
 				<list-item>
 					{{
-						replaceLocaleParams(this.subjectLabel, {
-							subject: item.subject
-						})
+						replaceLocaleParams(
+							this.subjectLabel,
+							{
+								subject: item.subject
+							},
+							true
+						)
 					}}
 				</list-item>
 				<list-item v-if="item.fromRoleId">
 					{{
-						replaceLocaleParams(this.fromLabel, {
-							value: getRoleLabel(item.fromRoleId)
-						})
+						replaceLocaleParams(
+							this.fromLabel,
+							{
+								value: getRoleLabel(item.fromRoleId)
+							},
+							true
+						)
 					}}
 				</list-item>
 				<list-item v-if="item.toRoleId">
 					{{
-						replaceLocaleParams(this.toLabel, {
-							value: getRoleLabel(item.toRoleId)
-						})
+						replaceLocaleParams(
+							this.toLabel,
+							{
+								value: getRoleLabel(item.toRoleId)
+							},
+							true
+						)
 					}}
 				</list-item>
 				<list-item
diff --git a/src/mixins/global.js b/src/mixins/global.js
@@ -146,11 +146,18 @@ export default {
 		 *
 		 * @param {String} str String to replace params in
 		 * @param {Object} params Key/value hash of params to replace
+		 * @param {bool} applyEscaping True iff replaced content should be HTML escaped
 		 * @return {String}
 		 */
-		replaceLocaleParams(str, params) {
+		replaceLocaleParams(str, params, applyEscaping = false) {
 			for (var param in params) {
-				let value = params[param];
+				var value = params[param];
+				if (applyEscaping) {
+					var text = document.createTextNode(value);
+					var p = document.createElement('p');
+					p.appendChild(text);
+					value = p.innerHTML;
+				}
 				// If a locale object is passed, take the value from the current locale
 				if (value === Object(value)) {
 					value = this.localize(value);
