Remove eval() from JS code

Open bugzilla-to-github opened this issue 9 years ago • 8 comments

This issue was created automatically by a script.

Bug 1311053

Bug Reporter: @mathjazz CC: [email protected] Blocker for: Bug 1338247

We use eval() in JS to calculate examples of different plural forms for each language, which is done using the plural rule (e.g. https://github.com/mozilla-l10n/input-l10n/blob/master/sl/LC_MESSAGES/django.po#L14) that we store in the DB and pass to JS in a variable, and finally run eval() on it.

We should do this only once per locale, so it can be moved to Python and executed when locale is added. Currently the code lives in JS, because it uses the same ternary operator syntax as PO files.

This will also allow us to remove unsafe-eval from CSP.

bugzilla-to-github avatar Oct 18 '16 01:10 bugzilla-to-github

Comment Author: @psiinon

+1 for this :)

bugzilla-to-github avatar Oct 31 '17 01:10 bugzilla-to-github

Comment Author: GitHub Bugzilla PR Linker <[email protected]>

Created attachment 8925541 Link to GitHub pull-request: https://github.com/mozilla/pontoon/pull/748

Attached file: file_150881901.txt (text/x-github-pull-request, 43 bytes) Description: Link to GitHub pull-request: https://github.com/mozilla/pontoon/pull/748

bugzilla-to-github avatar Nov 05 '17 23:11 bugzilla-to-github

Comment Author: @github-actions

Commit pushed to master at https://github.com/mozilla/pontoon

https://github.com/mozilla/pontoon/commit/8c5c722c63334f53f29618af0307b181b9bfa420 Bug #1311053: Always assign plural examples (#748)

For each plural form of a locale, we calculate example number to use as a hint in the UI. Examples were not assigned to locales with 2 plural forms prior to this fix.

bugzilla-to-github avatar Nov 08 '17 00:11 bugzilla-to-github

Comment Author: [email protected]

Hi @mathjazz, this bug seems interesting to me. How can I proceed with this? Can I provide the solution without assigning it?

bugzilla-to-github avatar Dec 20 '19 15:12 bugzilla-to-github

Comment Author: @mathjazz

Akshjain, a mentored bug like bug #1604038 would be a better first bug. Would you like me to assign it to you?

This bug requires slightly more work, so it could be a good 2nd bug. :)

bugzilla-to-github avatar Dec 21 '19 07:12 bugzilla-to-github

Comment Author: [email protected]

Okay @mathjazz, I would love to work on the 2nd bug which you referred to me. Please assign it to me. Thanks

bugzilla-to-github avatar Dec 21 '19 14:12 bugzilla-to-github

This has been fixed for quite a while now.

eemeli avatar May 14 '25 19:05 eemeli

Actually, that's wrong; we don't use eval(), but we do use new Function() for this: https://github.com/mozilla/pontoon/blob/a0d0d9ab740cec8e837adbe28d4b8b7c25a08c64/translate/src/hooks/usePluralExamples.ts#L25-L26

eemeli avatar May 14 '25 19:05 eemeli
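
What this issue asks for, computing plural-form examples from a stored plural rule without `eval()` or `new Function()` so that `unsafe-eval` can be dropped from the CSP, sketched as an added example that is not Pontoon's code. The function names, the supported operator subset (`n`, integers, `%`, comparisons, `&&`, `||`, `?:`, parentheses) and the 0..999 search range are assumptions.

```javascript
// Added example (not Pontoon's code); names, operator subset and search range are assumptions.
const PREC = { '||': 1, '&&': 2, '==': 3, '!=': 3, '<': 4, '>': 4, '<=': 4, '>=': 4, '%': 5 };
const OPS = { // C semantics: comparisons and logical operators yield 0 or 1
  '||': (a, b) => +!!(a || b), '&&': (a, b) => +!!(a && b), '==': (a, b) => +(a === b),
  '!=': (a, b) => +(a !== b), '<': (a, b) => +(a < b), '>': (a, b) => +(a > b),
  '<=': (a, b) => +(a <= b), '>=': (a, b) => +(a >= b), '%': (a, b) => a % b,
};
function tokenize(rule) { // allow-list: any character outside the grammar is an error
  const parts = rule.match(/\s+|\d+|n|\|\||&&|[=!<>]=|[<>%?:()]/g) || [];
  if (parts.join('') !== rule) throw new SyntaxError('character outside the plural-rule grammar');
  return parts.filter((p) => p.trim() !== '');
}
function compilePlural(rule) { // precedence-climbing parser; returns a closure n -> form index
  const t = tokenize(rule);
  let i = 0;
  const expect = (tok) => { if (t[i++] !== tok) throw new SyntaxError(`expected "${tok}"`); };
  function primary() {
    const tok = t[i++];
    if (tok === '(') { const e = ternary(); expect(')'); return e; }
    if (!/^(\d+|n)$/.test(tok)) throw new SyntaxError(`unexpected token "${tok}"`);
    return tok === 'n' ? (n) => n : () => Number(tok);
  }
  function binary(minPrec) {
    let left = primary();
    while (PREC[t[i]] >= minPrec) {
      const op = t[i++], l = left, r = binary(PREC[op] + 1);
      left = (n) => OPS[op](l(n), r(n));
    }
    return left;
  }
  function ternary() { // right-associative, as in C and PO headers
    const cond = binary(1);
    if (t[i] !== '?') return cond;
    i++;
    const yes = ternary(); expect(':');
    const no = ternary();
    return (n) => (cond(n) ? yes(n) : no(n));
  }
  const fn = ternary();
  if (i !== t.length) throw new SyntaxError(`unexpected token "${t[i]}"`);
  return fn;
}
function pluralExamples(rule, nplurals, limit = 1000) { // first n selecting each plural form
  const form = compilePlural(rule), examples = {};
  for (let n = 0; n < limit; n++) {
    const idx = form(n);
    if (Number.isInteger(idx) && idx < nplurals && !(idx in examples)) examples[idx] = n;
  }
  return examples;
}
```

Because the rule is only ever tokenized against a fixed alphabet and interpreted through closures, a tampered rule in the database fails with a `SyntaxError` instead of executing, and no CSP relaxation is needed.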