From ffbd07b5d8383e8a600d6cf5ac1ab181be7c9b56 Mon Sep 17 00:00:00 2001 From: Lim Chee Aun Date: Sun, 26 Jan 2025 18:59:50 +0800 Subject: [PATCH] Attempt to fix potential XSS --- src/components/account-info.jsx | 16 ++- src/locales/en.po | 222 ++++++++++++++++---------------- 2 files changed, 122 insertions(+), 116 deletions(-) diff --git a/src/components/account-info.jsx b/src/components/account-info.jsx index 07ea4da8..d809be5f 100644 --- a/src/components/account-info.jsx +++ b/src/components/account-info.jsx @@ -378,11 +378,17 @@ function AccountInfo({

Unable to load account.

-

- - Go to account page - -

+ {isString ? ( +

+ {account} +

+ ) : ( +

+ + Go to account page + +

+ )} )} {uiState === 'loading' ? ( diff --git a/src/locales/en.po b/src/locales/en.po index 410b5f02..b1a3de44 100644 --- a/src/locales/en.po +++ b/src/locales/en.po @@ -28,12 +28,12 @@ msgid "Last posted: {0}" msgstr "" #: src/components/account-block.jsx:162 -#: src/components/account-info.jsx:632 +#: src/components/account-info.jsx:638 msgid "Automated" msgstr "" #: src/components/account-block.jsx:169 -#: src/components/account-info.jsx:637 +#: src/components/account-info.jsx:643 #: src/components/status.jsx:514 msgid "Group" msgstr "" @@ -43,17 +43,17 @@ msgid "Mutual" msgstr "" #: src/components/account-block.jsx:183 -#: src/components/account-info.jsx:1678 +#: src/components/account-info.jsx:1684 msgid "Requested" msgstr "" #: src/components/account-block.jsx:187 -#: src/components/account-info.jsx:1669 +#: src/components/account-info.jsx:1675 msgid "Following" msgstr "" #: src/components/account-block.jsx:191 -#: src/components/account-info.jsx:1060 +#: src/components/account-info.jsx:1066 msgid "Follows you" msgstr "" @@ -62,14 +62,14 @@ msgid "{followersCount, plural, one {# follower} other {# followers}}" msgstr "" #: src/components/account-block.jsx:208 -#: src/components/account-info.jsx:678 +#: src/components/account-info.jsx:684 msgid "Verified" msgstr "" #. placeholder {0}: niceDateTime(createdAt, { hideTime: true, }) #. placeholder {0}: niceDateTime(createdAt, { hideTime: true, }) #: src/components/account-block.jsx:223 -#: src/components/account-info.jsx:778 +#: src/components/account-info.jsx:784 msgid "Joined <0>{0}" msgstr "" @@ -81,33 +81,33 @@ msgstr "" msgid "Unable to load account." msgstr "" -#: src/components/account-info.jsx:383 +#: src/components/account-info.jsx:388 msgid "Go to account page" msgstr "" -#: src/components/account-info.jsx:411 -#: src/components/account-info.jsx:700 -#: src/components/account-info.jsx:730 +#: src/components/account-info.jsx:417 +#: src/components/account-info.jsx:706 +#: src/components/account-info.jsx:736 msgid "Followers" msgstr "" #. js-lingui-explicit-id -#: src/components/account-info.jsx:414 -#: src/components/account-info.jsx:740 -#: src/components/account-info.jsx:757 +#: src/components/account-info.jsx:420 +#: src/components/account-info.jsx:746 +#: src/components/account-info.jsx:763 msgid "following.stats" msgstr "Following" -#: src/components/account-info.jsx:417 -#: src/components/account-info.jsx:774 +#: src/components/account-info.jsx:423 +#: src/components/account-info.jsx:780 #: src/pages/account-statuses.jsx:483 #: src/pages/search.jsx:328 #: src/pages/search.jsx:475 msgid "Posts" msgstr "" -#: src/components/account-info.jsx:425 -#: src/components/account-info.jsx:1116 +#: src/components/account-info.jsx:431 +#: src/components/account-info.jsx:1122 #: src/components/compose.jsx:2624 #: src/components/media-alt-modal.jsx:46 #: src/components/media-modal.jsx:358 @@ -126,50 +126,50 @@ msgstr "" msgid "More" msgstr "" -#: src/components/account-info.jsx:437 +#: src/components/account-info.jsx:443 msgid "<0>{displayName} has indicated that their new account is now:" msgstr "" -#: src/components/account-info.jsx:582 -#: src/components/account-info.jsx:1274 +#: src/components/account-info.jsx:588 +#: src/components/account-info.jsx:1280 msgid "Handle copied" msgstr "Handle copied" -#: src/components/account-info.jsx:585 -#: src/components/account-info.jsx:1277 +#: src/components/account-info.jsx:591 +#: src/components/account-info.jsx:1283 msgid "Unable to copy handle" msgstr "Unable to copy handle" -#: src/components/account-info.jsx:591 -#: src/components/account-info.jsx:1283 +#: src/components/account-info.jsx:597 +#: src/components/account-info.jsx:1289 msgid "Copy handle" msgstr "" -#: src/components/account-info.jsx:597 +#: src/components/account-info.jsx:603 msgid "Go to original profile page" msgstr "" -#: src/components/account-info.jsx:604 +#: src/components/account-info.jsx:610 msgid "View profile image" msgstr "" -#: src/components/account-info.jsx:610 +#: src/components/account-info.jsx:616 msgid "View profile header" msgstr "" -#: src/components/account-info.jsx:627 +#: src/components/account-info.jsx:633 msgid "In Memoriam" msgstr "" -#: src/components/account-info.jsx:707 -#: src/components/account-info.jsx:748 +#: src/components/account-info.jsx:713 +#: src/components/account-info.jsx:754 msgid "This user has chosen to not make this information available." msgstr "This user has chosen to not make this information available." #. placeholder {0}: ( postingStats.originals / postingStats.total ).toLocaleString(i18n.locale || undefined, { style: 'percent', }) #. placeholder {1}: ( postingStats.replies / postingStats.total ).toLocaleString(i18n.locale || undefined, { style: 'percent', }) #. placeholder {2}: ( postingStats.boosts / postingStats.total ).toLocaleString(i18n.locale || undefined, { style: 'percent', }) -#: src/components/account-info.jsx:803 +#: src/components/account-info.jsx:809 msgid "{0} original posts, {1} replies, {2} boosts" msgstr "{0} original posts, {1} replies, {2} boosts" @@ -180,22 +180,22 @@ msgstr "{0} original posts, {1} replies, {2} boosts" #. placeholder {4}: postingStats.total #. placeholder {5}: postingStats.total #. placeholder {6}: postingStats.daysSinceLastPost -#: src/components/account-info.jsx:819 +#: src/components/account-info.jsx:825 msgid "{0, plural, one {{1, plural, one {Last 1 post in the past 1 day} other {Last 1 post in the past {2} days}}} other {{3, plural, one {Last {4} posts in the past 1 day} other {Last {5} posts in the past {6} days}}}}" msgstr "" #. placeholder {0}: postingStats.total #. placeholder {1}: postingStats.total -#: src/components/account-info.jsx:832 +#: src/components/account-info.jsx:838 msgid "{0, plural, one {Last 1 post in the past year(s)} other {Last {1} posts in the past year(s)}}" msgstr "" -#: src/components/account-info.jsx:856 +#: src/components/account-info.jsx:862 #: src/pages/catchup.jsx:70 msgid "Original" msgstr "" -#: src/components/account-info.jsx:860 +#: src/components/account-info.jsx:866 #: src/components/status.jsx:2265 #: src/pages/catchup.jsx:71 #: src/pages/catchup.jsx:1445 @@ -205,7 +205,7 @@ msgstr "" msgid "Replies" msgstr "" -#: src/components/account-info.jsx:864 +#: src/components/account-info.jsx:870 #: src/pages/catchup.jsx:72 #: src/pages/catchup.jsx:1447 #: src/pages/catchup.jsx:2070 @@ -213,210 +213,210 @@ msgstr "" msgid "Boosts" msgstr "" -#: src/components/account-info.jsx:870 +#: src/components/account-info.jsx:876 msgid "Post stats unavailable." msgstr "" -#: src/components/account-info.jsx:901 +#: src/components/account-info.jsx:907 msgid "View post stats" msgstr "" #. placeholder {0}: niceDateTime(lastStatusAt, { hideTime: true, }) -#: src/components/account-info.jsx:1064 +#: src/components/account-info.jsx:1070 msgid "Last post: <0>{0}" msgstr "" -#: src/components/account-info.jsx:1078 +#: src/components/account-info.jsx:1084 msgid "Muted" msgstr "" -#: src/components/account-info.jsx:1083 +#: src/components/account-info.jsx:1089 msgid "Blocked" msgstr "" -#: src/components/account-info.jsx:1092 +#: src/components/account-info.jsx:1098 msgid "Private note" msgstr "Private note" -#: src/components/account-info.jsx:1149 +#: src/components/account-info.jsx:1155 msgid "Mention <0>@{username}" msgstr "" -#: src/components/account-info.jsx:1161 +#: src/components/account-info.jsx:1167 msgid "Translate bio" msgstr "" -#: src/components/account-info.jsx:1172 +#: src/components/account-info.jsx:1178 msgid "Edit private note" msgstr "Edit private note" -#: src/components/account-info.jsx:1172 +#: src/components/account-info.jsx:1178 msgid "Add private note" msgstr "Add private note" -#: src/components/account-info.jsx:1192 +#: src/components/account-info.jsx:1198 msgid "Notifications enabled for @{username}'s posts." msgstr "Notifications enabled for @{username}'s posts." -#: src/components/account-info.jsx:1193 +#: src/components/account-info.jsx:1199 msgid " Notifications disabled for @{username}'s posts." msgstr " Notifications disabled for @{username}'s posts." -#: src/components/account-info.jsx:1205 +#: src/components/account-info.jsx:1211 msgid "Disable notifications" msgstr "Disable notifications" -#: src/components/account-info.jsx:1206 +#: src/components/account-info.jsx:1212 msgid "Enable notifications" msgstr "Enable notifications" -#: src/components/account-info.jsx:1223 +#: src/components/account-info.jsx:1229 msgid "Boosts from @{username} enabled." msgstr "Boosts from @{username} enabled." -#: src/components/account-info.jsx:1224 +#: src/components/account-info.jsx:1230 msgid "Boosts from @{username} disabled." msgstr "Boosts from @{username} disabled." -#: src/components/account-info.jsx:1235 +#: src/components/account-info.jsx:1241 msgid "Disable boosts" msgstr "Disable boosts" -#: src/components/account-info.jsx:1235 +#: src/components/account-info.jsx:1241 msgid "Enable boosts" msgstr "Enable boosts" -#: src/components/account-info.jsx:1251 -#: src/components/account-info.jsx:1261 -#: src/components/account-info.jsx:1864 +#: src/components/account-info.jsx:1257 +#: src/components/account-info.jsx:1267 +#: src/components/account-info.jsx:1870 msgid "Add/Remove from Lists" msgstr "" -#: src/components/account-info.jsx:1300 +#: src/components/account-info.jsx:1306 #: src/components/status.jsx:1174 msgid "Link copied" msgstr "" -#: src/components/account-info.jsx:1303 +#: src/components/account-info.jsx:1309 #: src/components/status.jsx:1177 msgid "Unable to copy link" msgstr "" -#: src/components/account-info.jsx:1309 +#: src/components/account-info.jsx:1315 #: src/components/shortcuts-settings.jsx:1059 #: src/components/status.jsx:1183 #: src/components/status.jsx:3258 msgid "Copy" msgstr "" -#: src/components/account-info.jsx:1324 +#: src/components/account-info.jsx:1330 #: src/components/shortcuts-settings.jsx:1077 #: src/components/status.jsx:1199 msgid "Sharing doesn't seem to work." msgstr "" -#: src/components/account-info.jsx:1330 +#: src/components/account-info.jsx:1336 #: src/components/status.jsx:1205 msgid "Share…" msgstr "" -#: src/components/account-info.jsx:1350 +#: src/components/account-info.jsx:1356 msgid "Unmuted @{username}" msgstr "Unmuted @{username}" -#: src/components/account-info.jsx:1362 +#: src/components/account-info.jsx:1368 msgid "Unmute <0>@{username}" msgstr "" -#: src/components/account-info.jsx:1378 +#: src/components/account-info.jsx:1384 msgid "Mute <0>@{username}…" msgstr "" #. placeholder {0}: typeof MUTE_DURATIONS_LABELS[duration] === 'function' ? MUTE_DURATIONS_LABELS[duration]() : _(MUTE_DURATIONS_LABELS[duration]) -#: src/components/account-info.jsx:1410 +#: src/components/account-info.jsx:1416 msgid "Muted @{username} for {0}" msgstr "Muted @{username} for {0}" -#: src/components/account-info.jsx:1422 +#: src/components/account-info.jsx:1428 msgid "Unable to mute @{username}" msgstr "Unable to mute @{username}" -#: src/components/account-info.jsx:1443 +#: src/components/account-info.jsx:1449 msgid "Remove <0>@{username} from followers?" msgstr "" -#: src/components/account-info.jsx:1463 +#: src/components/account-info.jsx:1469 msgid "@{username} removed from followers" msgstr "@{username} removed from followers" -#: src/components/account-info.jsx:1475 +#: src/components/account-info.jsx:1481 msgid "Remove follower…" msgstr "" -#: src/components/account-info.jsx:1486 +#: src/components/account-info.jsx:1492 msgid "Block <0>@{username}?" msgstr "" -#: src/components/account-info.jsx:1510 +#: src/components/account-info.jsx:1516 msgid "Unblocked @{username}" msgstr "Unblocked @{username}" -#: src/components/account-info.jsx:1518 +#: src/components/account-info.jsx:1524 msgid "Blocked @{username}" msgstr "Blocked @{username}" -#: src/components/account-info.jsx:1526 +#: src/components/account-info.jsx:1532 msgid "Unable to unblock @{username}" msgstr "Unable to unblock @{username}" -#: src/components/account-info.jsx:1528 +#: src/components/account-info.jsx:1534 msgid "Unable to block @{username}" msgstr "Unable to block @{username}" -#: src/components/account-info.jsx:1538 +#: src/components/account-info.jsx:1544 msgid "Unblock <0>@{username}" msgstr "" -#: src/components/account-info.jsx:1547 +#: src/components/account-info.jsx:1553 msgid "Block <0>@{username}…" msgstr "" -#: src/components/account-info.jsx:1564 +#: src/components/account-info.jsx:1570 msgid "Report <0>@{username}…" msgstr "" -#: src/components/account-info.jsx:1584 -#: src/components/account-info.jsx:2099 +#: src/components/account-info.jsx:1590 +#: src/components/account-info.jsx:2105 msgid "Edit profile" msgstr "" -#: src/components/account-info.jsx:1620 +#: src/components/account-info.jsx:1626 msgid "Withdraw follow request?" msgstr "Withdraw follow request?" #. placeholder {1}: info.acct || info.username -#: src/components/account-info.jsx:1621 +#: src/components/account-info.jsx:1627 msgid "Unfollow @{1}?" msgstr "Unfollow @{1}?" -#: src/components/account-info.jsx:1672 +#: src/components/account-info.jsx:1678 msgid "Unfollow…" msgstr "" -#: src/components/account-info.jsx:1681 +#: src/components/account-info.jsx:1687 msgid "Withdraw…" msgstr "" -#: src/components/account-info.jsx:1688 -#: src/components/account-info.jsx:1692 +#: src/components/account-info.jsx:1694 +#: src/components/account-info.jsx:1698 #: src/pages/hashtag.jsx:262 msgid "Follow" msgstr "" -#: src/components/account-info.jsx:1804 -#: src/components/account-info.jsx:1859 -#: src/components/account-info.jsx:1993 -#: src/components/account-info.jsx:2094 +#: src/components/account-info.jsx:1810 +#: src/components/account-info.jsx:1865 +#: src/components/account-info.jsx:1999 +#: src/components/account-info.jsx:2100 #: src/components/account-sheet.jsx:38 #: src/components/compose.jsx:859 #: src/components/compose.jsx:2580 @@ -448,77 +448,77 @@ msgstr "" msgid "Close" msgstr "" -#: src/components/account-info.jsx:1809 +#: src/components/account-info.jsx:1815 msgid "Translated Bio" msgstr "" -#: src/components/account-info.jsx:1904 +#: src/components/account-info.jsx:1910 msgid "Unable to remove from list." msgstr "Unable to remove from list." -#: src/components/account-info.jsx:1905 +#: src/components/account-info.jsx:1911 msgid "Unable to add to list." msgstr "Unable to add to list." -#: src/components/account-info.jsx:1924 +#: src/components/account-info.jsx:1930 #: src/pages/lists.jsx:105 msgid "Unable to load lists." msgstr "" -#: src/components/account-info.jsx:1928 +#: src/components/account-info.jsx:1934 msgid "No lists." msgstr "" -#: src/components/account-info.jsx:1939 +#: src/components/account-info.jsx:1945 #: src/components/list-add-edit.jsx:40 #: src/pages/lists.jsx:59 msgid "New list" msgstr "" #. placeholder {0}: account?.username || account?.acct -#: src/components/account-info.jsx:1998 +#: src/components/account-info.jsx:2004 msgid "Private note about <0>@{0}" msgstr "" -#: src/components/account-info.jsx:2028 +#: src/components/account-info.jsx:2034 msgid "Unable to update private note." msgstr "Unable to update private note." -#: src/components/account-info.jsx:2051 -#: src/components/account-info.jsx:2222 +#: src/components/account-info.jsx:2057 +#: src/components/account-info.jsx:2228 msgid "Cancel" msgstr "" -#: src/components/account-info.jsx:2056 +#: src/components/account-info.jsx:2062 msgid "Save & close" msgstr "" -#: src/components/account-info.jsx:2150 +#: src/components/account-info.jsx:2156 msgid "Unable to update profile." msgstr "Unable to update profile." -#: src/components/account-info.jsx:2157 +#: src/components/account-info.jsx:2163 #: src/components/list-add-edit.jsx:105 msgid "Name" msgstr "" -#: src/components/account-info.jsx:2170 +#: src/components/account-info.jsx:2176 msgid "Bio" msgstr "" -#: src/components/account-info.jsx:2183 +#: src/components/account-info.jsx:2189 msgid "Extra fields" msgstr "" -#: src/components/account-info.jsx:2189 +#: src/components/account-info.jsx:2195 msgid "Label" msgstr "" -#: src/components/account-info.jsx:2192 +#: src/components/account-info.jsx:2198 msgid "Content" msgstr "" -#: src/components/account-info.jsx:2225 +#: src/components/account-info.jsx:2231 #: src/components/list-add-edit.jsx:150 #: src/components/shortcuts-settings.jsx:715 #: src/pages/filters.jsx:554 @@ -526,11 +526,11 @@ msgstr "" msgid "Save" msgstr "" -#: src/components/account-info.jsx:2279 +#: src/components/account-info.jsx:2285 msgid "username" msgstr "" -#: src/components/account-info.jsx:2283 +#: src/components/account-info.jsx:2289 msgid "server domain name" msgstr ""