laravel-translation

blank page with a js bug

Open meyer59 opened this issue 2 years ago • 1 comments

Describe the bug
A clear and concise description of what the bug is. Unable to show the translation; the page shows up for a few seconds and then everything disappears. A JS bug appears in the console.

To Reproduce
Steps to reproduce the behavior:

  • Update to the latest version
  • F5 the page
  • The page shows up for 1-2 sec and then goes blank (screenshot below)

Expected behavior
A clear and concise description of what you expected to happen.

Screenshots image

Desktop (please complete the following information):

  • OS: WIN10
  • Browser chrome
  • Version 105

meyer59 avatar Sep 25 '22 21:09 meyer59

After debugging app.js, it seems this translation from Cloudinary is causing the issue:

'title_uploading_with_counter' => 'Uploading {{num}} Assets',

https://cloudinary.com/documentation/upload_widget#localization

It's not escaped by the frontend and it's executed as JS, and it does not find a num variable.

It also means it's possible to inject JS code with translations when doing something like {{alert('test')}}

Screenshot from 2022-09-28 12-14-02

lk77 avatar Sep 28 '22 08:09 lk77
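
An audit and output-hardening sketch for the behaviour described in the comment above, added here as an example and not taken from the thread or the project's code. It assumes a Vue-style frontend that compiles `{{ ... }}` found in server-rendered markup; the function names and the sample map are hypothetical, and `v-pre` is Vue's directive for skipping template compilation on an element.

```javascript
// Added example, not project code. Assumption: the frontend compiles
// {{ ... }} found in server-rendered markup (Vue-style mustache syntax).
const MUSTACHE = /\{\{([\s\S]*?)\}\}/g;

// Walk a (possibly nested) translation map and report every value that
// contains mustache delimiters, identified by its dot path.
function findTemplateExpressions(translations, prefix = '') {
  const findings = [];
  for (const [key, value] of Object.entries(translations)) {
    const path = prefix ? `${prefix}.${key}` : key;
    if (value !== null && typeof value === 'object') {
      findings.push(...findTemplateExpressions(value, path));
    } else if (typeof value === 'string') {
      for (const match of value.matchAll(MUSTACHE)) {
        findings.push({ path, expression: match[1].trim() });
      }
    }
  }
  return findings;
}

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Emit a value as inert text: HTML-escaped so it cannot close the wrapper,
// and inside v-pre so the template compiler leaves the braces alone.
function renderInert(value) {
  return `<span v-pre>${escapeHtml(value)}</span>`;
}

// Constructed sample; the first value is the string quoted in the comment.
const sample = {
  cloudinary: { title_uploading_with_counter: 'Uploading {{num}} Assets' },
  greeting: 'Hello <b>{{ user.name }}</b>',
  plain: 'Nothing to interpolate',
};

console.log(findTemplateExpressions(sample));
console.log(renderInert(sample.cloudinary.title_uploading_with_counter));
```

HTML-entity-encoding the braces alone is not enough for an in-DOM template, because the browser decodes the entities before the template is read; that is why the wrapper relies on `v-pre`.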