Merge pull request #1951 from NginxProxyManager/test-html-encode

Fix #1950 attempt to encode hdomain values before render

Author: jc21

frontend/js/app/nginx/dead/delete.ejs

@@ -7,7 +7,7 @@
         <form>
             <div class="row">
                 <div class="col-sm-12 col-md-12">
-                    <%= i18n('dead-hosts', 'delete-confirm', {domains: domain_names.join(', ')}) %>
+                    <%= i18n('dead-hosts', 'delete-confirm', {domains: domain_names.join(', ').toHtmlEntities()}) %>
                     <% if (certificate_id) { %>
                         <br><br>
                         <%- i18n('ssl', 'delete-ssl') %>

frontend/js/app/nginx/proxy/delete.ejs

@@ -7,7 +7,7 @@
         <form>
             <div class="row">
                 <div class="col-sm-12 col-md-12">
-                    <%= i18n('proxy-hosts', 'delete-confirm', {domains: domain_names.join(', ')}) %>
+                    <%= i18n('proxy-hosts', 'delete-confirm', {domains: domain_names.join(', ').toHtmlEntities()}) %>
                     <% if (certificate_id) { %>
                         <br><br>
                         <%- i18n('ssl', 'delete-ssl') %>

frontend/js/app/nginx/redirection/delete.ejs

@@ -7,7 +7,7 @@
         <form>
             <div class="row">
                 <div class="col-sm-12 col-md-12">
-                    <%= i18n('redirection-hosts', 'delete-confirm', {domains: domain_names.join(', ')}) %>
+                    <%= i18n('redirection-hosts', 'delete-confirm', {domains: domain_names.join(', ').toHtmlEntities()}) %>
                     <% if (certificate_id) { %>
                         <br><br>
                         <%- i18n('ssl', 'delete-ssl') %>

frontend/js/app/user/delete.ejs

@@ -7,7 +7,7 @@
         <form>
             <div class="row">
                 <div class="col-sm-12 col-md-12">
-                    <%= i18n('users', 'delete-confirm', {name: name}) %>
+                    <%= i18n('users', 'delete-confirm', {name: name.toHtmlEntities()}) %>
                 </div>
             </div>
         </form>

frontend/js/index.js

@@ -103,6 +103,13 @@ window.tabler = {
     }
 };
 
+String.prototype.toHtmlEntities = function() {
+    return this.replace(/./gm, function(s) {
+        // return "&#" + s.charCodeAt(0) + ";";
+        return (s.match(/[a-z0-9\s]+/i)) ? s : "&#" + s.charCodeAt(0) + ";";
+    });
+};
+
 require('tabler-core');
 
 const App = require('./app/main');

frontend/webpack.config.js

@@ -92,17 +92,17 @@ module.exports = {
 				]
 			},
 			{
-        test: /source-sans-pro.*\.(woff(2)?)(\?v=\d+\.\d+\.\d+)?$/,
-        use: [
-          {
-            loader: 'file-loader',
-            options: {
-              name: '[name].[ext]',
-              outputPath: 'assets/'
-            }
-          }
-        ]
-      }
+				test: /source-sans-pro.*\.(woff(2)?)(\?v=\d+\.\d+\.\d+)?$/,
+				use: [
+					{
+					loader: 'file-loader',
+					options: {
+						name: '[name].[ext]',
+						outputPath: 'assets/'
+					}
+					}
+				]
+			}
 		]
 	},
 	plugins:   [