Code

Opened 18 months ago

Closed 17 months ago

Last modified 17 months ago

#19136 closed Bug (fixed)

String literals in i18n JavaScript code is unescaped breaking

Reported by: jezdez Owned by: jezdez
Component: Internationalization Version: 1.4
Severity: Release blocker Keywords:
Cc: Triage Stage: Accepted
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

The footer JavaScript functions pgettext and npgettext contain unescaped string literals that lead to broken code that doesn't actually enable the functions to work correctly.

Attachments (1)

19136-tests.diff (6.0 KB) - added by claudep 18 months ago.
Testing with LiveServerTestCase

Download all attachments as: .zip

Change History (9)

comment:1 Changed 18 months ago by jezdez

The code I mean can be found here: https://github.com/django/django/blob/9d2e1f065ede189f65e79eb3cb33a33b460a4351/django/views/i18n.py#L101-115

\x04 is the magic delimiter in gettext to make contexts work, so this needs to be escaped properly.

Changed 18 months ago by claudep

Testing with LiveServerTestCase

comment:2 Changed 18 months ago by claudep

See the attached tests, it seems to work, at least in Firefox. Now it may be that the unescaped delimiter is causing issues, further investigations needed.

comment:3 Changed 18 months ago by aaugustin

Reading Jannis' report, I understand that \x04 must be escaped in the arguments of the pgettext and npgettext functions before building value.

comment:4 Changed 17 months ago by jezdez

Yup.

comment:5 Changed 17 months ago by aaugustin

  • Owner changed from nobody to aaugustin

comment:6 Changed 17 months ago by jezdez

  • Owner changed from aaugustin to jezdez

comment:7 Changed 17 months ago by Jannis Leidel <jannis@…>

  • Resolution set to fixed
  • Status changed from new to closed

In 4a5e8087ac7676ef08e76275c1f756778b39c13e:

Fixed #19136 -- Properly escape gettext context prefixes in the i18n JavaScript view template.

comment:8 Changed 17 months ago by Jannis Leidel <jannis@…>

In 0e3f7814d7106768e8eafcba0e74238fcdb90f9d:

[1.5.x] Fixed #19136 -- Properly escape gettext context prefixes in the i18n JavaScript view template.

Backport of 4a5e8087ac7676ef08e76275c1f756778b39c13e from master.

Add Comment

Modify Ticket

Change Properties
<Author field>
Action
as closed
as The resolution will be set. Next status will be 'closed'
The resolution will be deleted. Next status will be 'new'
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.