Comments (2)
iafan
commented on June 3, 2024
This is what happens:
- We get the editor row as HTML. This HTML contains a
<script>....</script>tag that initializes the editor. - We render this HTML in a container using jQuery
html()method. - In
html()method, jQuery explicitly tests if the passed HTML string contains certain tags, like<script>,<style>, or<link>. If any of these are found, it usesthis.empty().append( value );logic instead of nativeelem.innerHTML = value;. jQuery.append()internally callsjQuery.buildFragment()from the given HTML string, and this is where (likely in this code) the resulting string inside embedded JS code gets rewritten (<Error />is replaced with<Error ></Error>).
The code accidentally worked in the past because the to_js template filter would do double escaping and then pass through a runtime JSON.parse() call. Now that we don't do this kind of escaping, we need to deal with this specific case.
The ultimate fix would be to get rid of this whole HTML editor row snippet and script inside this snippet (by e.g. using a proper React component). meanwhile, a short-term workaround can probably be to make sure the rendered JavaScript strings inside editor row initialization code don't match this regular expression.
I'll PR a change for this fix shortly.
from zing.
julen
commented on June 3, 2024
Verified on my side, GTM 👍.
from zing.
Related Issues (20)
- In admin mode, filter out disabled projects from counters / translation views
- Avoid zero carry-overs
- Quality checks page requires help/_ttk_quality_checks.html
- Use Prettier for formatting frontend code
- Use Prettier for CSS formatting
- Upgrade Webpack
- Upgrade to latest React
- Make emojis work as placeables HOT 3
- Placeables should be inactive in read-only editor
- Editing a project fails source language validation
- Handle the case of an empty rendered string in Plurr preview HOT 5
- Support Plurr preview for simple {FOO}-style placeholders HOT 7
- Plurr preview pane to support empty parameters
- Visually identify LS Unicode symbol (U+2028) in the editor
- No module named 'syspath_override' HOT 2
- Incorrect number with the word count tracker HOT 3
- Issue building with python 3.7 HOT 4
- UI hangs indefinitely when attempt to translate a .po file with <= 10 entries HOT 5
- Exception in manage.py build_assets: 'gyp==0.1' distribution was not found
- UI hangs with spinner "Uncaught TypeError: this.unit is undefined" HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from zing.