Skip to content

Commit e534a62

Browse files
adraiadrai
committed
build
1 parent ddf1048 commit e534a62

2 files changed

Lines changed: 21 additions & 5 deletions

File tree

i18nextHttpBackend.js

Lines changed: 20 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -393,7 +393,9 @@ exports.defaults = defaults;
393393
exports.hasXMLHttpRequest = hasXMLHttpRequest;
394394
exports.interpolate = interpolate;
395395
exports.interpolateUrl = interpolateUrl;
396-
exports.isSafeUrlSegment = isSafeUrlSegment;
396+
exports.isSafeLangUrlSegment = isSafeLangUrlSegment;
397+
exports.isSafeNsUrlSegment = isSafeNsUrlSegment;
398+
exports.isSafeUrlSegment = void 0;
397399
exports.makePromise = makePromise;
398400
exports.redactUrlCredentials = redactUrlCredentials;
399401
exports.sanitizeLogValue = sanitizeLogValue;
@@ -417,16 +419,29 @@ function defaults(obj) {
417419
});
418420
return obj;
419421
}
420-
function isSafeUrlSegment(v) {
422+
function isSafeUrlSegmentBase(v) {
421423
if (typeof v !== 'string') return false;
422424
if (v.length === 0 || v.length > 128) return false;
423425
if (UNSAFE_KEYS.indexOf(v) > -1) return false;
424426
if (v.indexOf('..') > -1) return false;
425-
if (v.indexOf('/') > -1 || v.indexOf('\\') > -1) return false;
427+
if (v.indexOf('\\') > -1) return false;
426428
if (/[?#%\s@]/.test(v)) return false;
427429
if (/[\x00-\x1F\x7F]/.test(v)) return false;
428430
return true;
429431
}
432+
function isSafeLangUrlSegment(v) {
433+
if (!isSafeUrlSegmentBase(v)) return false;
434+
if (v.indexOf('/') > -1) return false;
435+
return true;
436+
}
437+
function isSafeNsUrlSegment(v) {
438+
return isSafeUrlSegmentBase(v);
439+
}
440+
var isSafeUrlSegment = exports.isSafeUrlSegment = isSafeLangUrlSegment;
441+
var SAFETY_CHECK_BY_KEY = {
442+
lng: isSafeLangUrlSegment,
443+
ns: isSafeNsUrlSegment
444+
};
430445
function sanitizeLogValue(v) {
431446
if (typeof v !== 'string') return v;
432447
return v.replace(/[\r\n\x00-\x1F\x7F]/g, ' ');
@@ -473,13 +488,14 @@ function interpolateUrl(str, data) {
473488
if (UNSAFE_KEYS.indexOf(k) > -1) return match;
474489
var value = data[k];
475490
if (value == null) return match;
491+
var check = SAFETY_CHECK_BY_KEY[k] || isSafeLangUrlSegment;
476492
var segments = String(value).split('+');
477493
var _iterator = _createForOfIteratorHelper(segments),
478494
_step;
479495
try {
480496
for (_iterator.s(); !(_step = _iterator.n()).done;) {
481497
var seg = _step.value;
482-
if (!isSafeUrlSegment(seg)) {
498+
if (!check(seg)) {
483499
unsafe = true;
484500
return match;
485501
}

0 commit comments

Comments
 (0)