Properly escape data in the request code

It was only escaping the first quote, all other quotes and other characters that require to be escaped (like line breaks) were not being escaped. JSON.stringify is a good function to handle this.
This commit is contained in:
Gustavo Rodrigues 2021-12-09 10:31:48 -03:00 committed by GitHub
parent 94c27e3645
commit 64ae20e932
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -145,9 +145,9 @@ document.addEventListener('DOMContentLoaded', function(){
return ['const res = await fetch("' + this.BaseUrl + '/translate", {', return ['const res = await fetch("' + this.BaseUrl + '/translate", {',
' method: "POST",', ' method: "POST",',
' body: JSON.stringify({', ' body: JSON.stringify({',
' q: "' + this.$options.filters.escape(this.inputText) + '",', ' q: ' + this.$options.filters.escape(this.inputText) + ',',
' source: "' + this.$options.filters.escape(this.sourceLang) + '",', ' source: ' + this.$options.filters.escape(this.sourceLang) + ',',
' target: "' + this.$options.filters.escape(this.targetLang) + '",', ' target: ' + this.$options.filters.escape(this.targetLang) + ',',
' format: "' + (this.isHtml ? "html" : "text") + '"', ' format: "' + (this.isHtml ? "html" : "text") + '"',
' }),', ' }),',
' headers: { "Content-Type": "application/json" }', ' headers: { "Content-Type": "application/json" }',
@ -167,7 +167,7 @@ document.addEventListener('DOMContentLoaded', function(){
}, },
filters: { filters: {
escape: function(v){ escape: function(v){
return v.replace('"', '\\\"'); return JSON.stringify(v);
}, },
highlight: function(v){ highlight: function(v){
return Prism.highlight(v, Prism.languages.javascript, 'javascript'); return Prism.highlight(v, Prism.languages.javascript, 'javascript');
@ -407,4 +407,4 @@ function setApiKey(){
localStorage.setItem("api_key", newKey); localStorage.setItem("api_key", newKey);
} }
// @license-end // @license-end