github-mirror/framework
2
0
Fork 0
mirror of https://github.com/flarum/framework.git synced 2025-02-01 15:25:14 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

fix: recover temporary solution for html entities in browser title

Browse Source 
Signed-off-by: Sami Mazouz <sychocouldy@gmail.com>
This commit is contained in:
Sami Mazouz 2023-05-22 22:49:20 +01:00
parent 577890d89c
commit e72541e35d
No known key found for this signature in database
1 changed files with 13 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
framework/core/js/src/common/Application.tsx
View File

@ -411,12 +411,23 @@ export default class Application {
pageNumber: 1,
};
const title =
let title =
onHomepage || !this.title
? extractText(app.translator.trans('core.lib.meta_titles.without_page_title', params))
: extractText(app.translator.trans('core.lib.meta_titles.with_page_title', params));
document.title = count + title;
title = count + title;
// We pass the title through a DOMParser to allow HTML entities
// to be rendered correctly, while still preventing XSS attacks
// from user input by using a script-disabled environment.
// https://github.com/flarum/framework/issues/3514
// https://github.com/flarum/framework/pull/3684
// This is only a temporary solution for 1.x,
// and the actual source of the issue will be fixed in 2.x
// Actual source of the issue: https://github.com/flarum/framework/issues/3685
const parser = new DOMParser();
document.title = parser.parseFromString(title, 'text/html').body.innerText;
}
protected transformRequestOptions<ResponseType>(flarumOptions: FlarumRequestOptions<ResponseType>): InternalFlarumRequestOptions<ResponseType> {