From 64ae20e9322e60af1f848093e560ed415a73c831 Mon Sep 17 00:00:00 2001
From: Gustavo Rodrigues
Date: Thu, 9 Dec 2021 10:31:48 -0300
Subject: [PATCH] Properly escape data in the request code

It was only escaping the first quote, all other quotes and other characters that require to be escaped (like line breaks) were not being escaped. JSON.stringify is a good function to handle this.
---
 app/static/js/app.js | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/app/static/js/app.js b/app/static/js/app.js
index 5f59ee8..1aae371 100644
--- a/app/static/js/app.js
+++ b/app/static/js/app.js
@@ -145,9 +145,9 @@ document.addEventListener('DOMContentLoaded', function(){
 return ['const res = await fetch("' + this.BaseUrl + '/translate", {',
 ' method: "POST",',
 ' body: JSON.stringify({',
- ' q: "' + this.$options.filters.escape(this.inputText) + '",',
- ' source: "' + this.$options.filters.escape(this.sourceLang) + '",',
- ' target: "' + this.$options.filters.escape(this.targetLang) + '",',
+ ' q: ' + this.$options.filters.escape(this.inputText) + ',',
+ ' source: ' + this.$options.filters.escape(this.sourceLang) + ',',
+ ' target: ' + this.$options.filters.escape(this.targetLang) + ',',
 ' format: "' + (this.isHtml ? "html" : "text") + '"',
 ' }),',
 ' headers: { "Content-Type": "application/json" }',
@@ -167,7 +167,7 @@ document.addEventListener('DOMContentLoaded', function(){
 },
 filters: {
 escape: function(v){
- return v.replace('"', '\\\"');
+ return JSON.stringify(v);
 },
 highlight: function(v){
 return Prism.highlight(v, Prism.languages.javascript, 'javascript');
@@ -407,4 +407,4 @@ function setApiKey(){
 localStorage.setItem("api_key", newKey);
 }
-// @license-end
\ No newline at end of file
+// @license-end
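Review bot: In the first hunk, `this.BaseUrl` is still spliced raw between double quotes in the context line `'const res = await fetch("' + this.BaseUrl + '/translate", {'`, while `q`, `source` and `target` now go through `JSON.stringify`. Where BaseUrl comes from is not visible here, but if it can ever contain a quote or backslash the generated snippet would be malformed again. Building that element as `'const res = await fetch(' + JSON.stringify(this.BaseUrl + '/translate') + ', {',` would treat every interpolated value the same way. The array literal starts and ends outside the hunk, so any values interpolated after the `headers` line deserve the same check.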
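Review bot: The `escape` filter in the second hunk now returns a complete, quoted string literal rather than escaped text, so its name and contract no longer match. Any other use of the filter that still wraps the result in quotes (none is visible in this patch) would produce doubled quotes. A comment above the return such as `// Returns v as a quoted JS/JSON string literal; callers must not add their own quotes.`, or a rename, would make that explicit. Also, `JSON.stringify(undefined)` returns `undefined`, so a missing value would render as the bare word `undefined` in the snippet, which is presumably fine if the bound fields are always strings. Since `JSON.stringify` does not encode `<` or `&` and the result is later passed to `Prism.highlight` and presumably inserted as HTML, it is worth confirming that HTML encoding still happens at that step.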