Address some CodeQL security concerns (#35572)
Although there is no real security problem
This commit is contained in:
wxiaoguang
@@ -62,6 +62,9 @@ sub = Changed Sub String
|
||||
found := lang1.HasKey("no-such")
|
||||
assert.False(t, found)
|
||||
assert.NoError(t, ls.Close())
|
||||
|
||||
res := lang1.TrHTML("<no-such>")
|
||||
assert.Equal(t, "<no-such>", string(res))
|
||||
}
|
||||
|
||||
func TestLocaleStoreMoreSource(t *testing.T) {
|
||||
|
||||
@@ -6,6 +6,7 @@ package i18n
|
||||
import (
|
||||
"errors"
|
||||
"fmt"
|
||||
"html"
|
||||
"html/template"
|
||||
"slices"
|
||||
|
||||
@@ -109,8 +110,7 @@ func (store *localeStore) Close() error {
|
||||
}
|
||||
|
||||
func (l *locale) TrString(trKey string, trArgs ...any) string {
|
||||
format := trKey
|
||||
|
||||
var format string
|
||||
idx, ok := l.store.trKeyToIdxMap[trKey]
|
||||
if ok {
|
||||
if msg, ok := l.idxToMsgMap[idx]; ok {
|
||||
@@ -122,7 +122,9 @@ func (l *locale) TrString(trKey string, trArgs ...any) string {
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if format == "" {
|
||||
format = html.EscapeString(trKey)
|
||||
}
|
||||
msg, err := Format(format, trArgs...)
|
||||
if err != nil {
|
||||
log.Error("Error whilst formatting %q in %s: %v", trKey, l.langName, err)
|
||||
|
||||
Reference in New Issue
Block a user