Opened 3 years ago

Closed 3 years ago

Last modified 3 years ago

#19136 closed Bug (fixed)

String literals in i18n JavaScript code is unescaped breaking

Reported by: jezdez Owned by: jezdez
Component: Internationalization Version: 1.4
Severity: Release blocker Keywords:
Cc: Triage Stage: Accepted
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

The footer JavaScript functions pgettext and npgettext contain unescaped string literals that lead to broken code that doesn't actually enable the functions to work correctly.

Attachments (1)

19136-tests.diff (6.0 KB) - added by claudep 3 years ago.
Testing with LiveServerTestCase

Download all attachments as: .zip

Change History (9)

comment:1 Changed 3 years ago by jezdez

The code I mean can be found here: https://github.com/django/django/blob/9d2e1f065ede189f65e79eb3cb33a33b460a4351/django/views/i18n.py#L101-115

\x04 is the magic delimiter in gettext to make contexts work, so this needs to be escaped properly.

Changed 3 years ago by claudep

Testing with LiveServerTestCase

comment:2 Changed 3 years ago by claudep

See the attached tests, it seems to work, at least in Firefox. Now it may be that the unescaped delimiter is causing issues, further investigations needed.

comment:3 Changed 3 years ago by aaugustin

Reading Jannis' report, I understand that \x04 must be escaped in the arguments of the pgettext and npgettext functions before building value.

comment:4 Changed 3 years ago by jezdez

Yup.

comment:5 Changed 3 years ago by aaugustin

  • Owner changed from nobody to aaugustin

comment:6 Changed 3 years ago by jezdez

  • Owner changed from aaugustin to jezdez

comment:7 Changed 3 years ago by Jannis Leidel <jannis@…>

  • Resolution set to fixed
  • Status changed from new to closed

In 4a5e8087ac7676ef08e76275c1f756778b39c13e:

Fixed #19136 -- Properly escape gettext context prefixes in the i18n JavaScript view template.

comment:8 Changed 3 years ago by Jannis Leidel <jannis@…>

In 0e3f7814d7106768e8eafcba0e74238fcdb90f9d:

[1.5.x] Fixed #19136 -- Properly escape gettext context prefixes in the i18n JavaScript view template.

Backport of 4a5e8087ac7676ef08e76275c1f756778b39c13e from master.

Note: See TracTickets for help on using tickets.
Back to Top