diff --git a/.eslintrc.js b/.eslintrc.js
index e465ca6b..5b10b10a 100644
--- a/.eslintrc.js
+++ b/.eslintrc.js
@@ -124,7 +124,14 @@ module.exports = {
 'node/no-unsupported-features/node-builtins': 'warn',
 'prefer-exponentiation-operator': 'warn',
 'node/no-unsupported-features/es-syntax': 'off',
- 'no-unsanitized/method': 'off'
+ 'no-unsanitized/method': [
+ 'error',
+ {
+ escape: {
+ methods: ['encodeURIComponent', 'encodeURI']
+ }
+ }
+ ]
 },
 overrides: [
 // Locales have no need for importing outside of SVG-Edit
diff --git a/src/editor/extensions/ext-arrows/ext-arrows.js b/src/editor/extensions/ext-arrows/ext-arrows.js
index 868da7ee..b5351143 100644
--- a/src/editor/extensions/ext-arrows/ext-arrows.js
+++ b/src/editor/extensions/ext-arrows/ext-arrows.js
@@ -10,7 +10,7 @@
 const loadExtensionTranslation = async function (lang) {
 let translationModule;
 try {
- translationModule = await import(`./locale/${lang}.js`);
+ translationModule = await import(`./locale/${encodeURIComponent(lang)}.js`);
 } catch (_error) {
 // eslint-disable-next-line no-console
 console.error(`Missing translation (${lang}) - using 'en'`);
diff --git a/src/editor/extensions/ext-closepath/ext-closepath.js b/src/editor/extensions/ext-closepath/ext-closepath.js
index 29b442f0..d2b9d072 100644
--- a/src/editor/extensions/ext-closepath/ext-closepath.js
+++ b/src/editor/extensions/ext-closepath/ext-closepath.js
@@ -10,7 +10,7 @@
 const loadExtensionTranslation = async function (lang) {
 let translationModule;
 try {
- translationModule = await import(`./locale/${lang}.js`);
+ translationModule = await import(`./locale/${encodeURIComponent(lang)}.js`);
 } catch (_error) {
 // eslint-disable-next-line no-console
 console.error(`Missing translation (${lang}) - using 'en'`);
diff --git a/src/editor/extensions/ext-connector/ext-connector.js b/src/editor/extensions/ext-connector/ext-connector.js
index 92222750..fbaf25fe 100644
--- a/src/editor/extensions/ext-connector/ext-connector.js
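Review bot: Listing `encodeURI` under `escape.methods` makes the rule accept any `import(encodeURI(x))`, but `encodeURI` leaves `:`, `/`, `?` and `#` untouched, so it does not constrain where a module specifier points. I would keep only `methods: ['encodeURIComponent']` in this rule and cover the one full-path import in svgedit.js with explicit validation plus a targeted `// eslint-disable-next-line no-unsanitized/method` that states why the value is trusted. As written, the rule reports clean on exactly the kind of call site it was enabled to flag.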
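Review bot: `encodeURIComponent(lang)` in `loadExtensionTranslation` keeps `/` out of the specifier, but any string still reaches `import()` and the code relies on the request failing to get to the `en` fallback (the function continues past this hunk). A shape check before the `try`, for example `const safeLang = /^[\w-]+$/.test(lang) ? lang : 'en';`, would reject unexpected values outright instead of depending on how the server treats percent-encoded names. Where `lang` originates is not visible here, so the pattern should be confirmed against the actual locale file names. The same one-line change is repeated in the other ext-*.js hunks of this commit (ext-closepath through ext-webappfind); a shared helper would keep the check in one place.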
+++ b/src/editor/extensions/ext-connector/ext-connector.js
@@ -10,7 +10,7 @@
 const loadExtensionTranslation = async function (lang) {
 let translationModule;
 try {
- translationModule = await import(`./locale/${lang}.js`);
+ translationModule = await import(`./locale/${encodeURIComponent(lang)}.js`);
 } catch (_error) {
 // eslint-disable-next-line no-console
 console.error(`Missing translation (${lang}) - using 'en'`);
diff --git a/src/editor/extensions/ext-eyedropper/ext-eyedropper.js b/src/editor/extensions/ext-eyedropper/ext-eyedropper.js
index 95316778..641bea96 100644
--- a/src/editor/extensions/ext-eyedropper/ext-eyedropper.js
+++ b/src/editor/extensions/ext-eyedropper/ext-eyedropper.js
@@ -10,7 +10,7 @@
 const loadExtensionTranslation = async function (lang) {
 let translationModule;
 try {
- translationModule = await import(`./locale/${lang}.js`);
+ translationModule = await import(`./locale/${encodeURIComponent(lang)}.js`);
 } catch (_error) {
 // eslint-disable-next-line no-console
 console.error(`Missing translation (${lang}) - using 'en'`);
diff --git a/src/editor/extensions/ext-foreignobject/ext-foreignobject.js b/src/editor/extensions/ext-foreignobject/ext-foreignobject.js
index 3c5f97fb..fd90e5dc 100644
--- a/src/editor/extensions/ext-foreignobject/ext-foreignobject.js
+++ b/src/editor/extensions/ext-foreignobject/ext-foreignobject.js
@@ -10,7 +10,7 @@
 const loadExtensionTranslation = async function (lang) {
 let translationModule;
 try {
- translationModule = await import(`./locale/${lang}.js`);
+ translationModule = await import(`./locale/${encodeURIComponent(lang)}.js`);
 } catch (_error) {
 // eslint-disable-next-line no-console
 console.error(`Missing translation (${lang}) - using 'en'`);
diff --git a/src/editor/extensions/ext-grid/ext-grid.js b/src/editor/extensions/ext-grid/ext-grid.js
index cf412342..666b1473 100644
--- a/src/editor/extensions/ext-grid/ext-grid.js
+++ b/src/editor/extensions/ext-grid/ext-grid.js
@@ -10,7 +10,7 @@
 const loadExtensionTranslation = async function (lang) {
 let translationModule;
 try {
- translationModule = await import(`./locale/${lang}.js`);
+ translationModule = await import(`./locale/${encodeURIComponent(lang)}.js`);
 } catch (_error) {
 // eslint-disable-next-line no-console
 console.error(`Missing translation (${lang}) - using 'en'`);
diff --git a/src/editor/extensions/ext-helloworld/ext-helloworld.js b/src/editor/extensions/ext-helloworld/ext-helloworld.js
index d25a4185..4c3d383b 100644
--- a/src/editor/extensions/ext-helloworld/ext-helloworld.js
+++ b/src/editor/extensions/ext-helloworld/ext-helloworld.js
@@ -16,7 +16,7 @@
 const loadExtensionTranslation = async function (lang) {
 let translationModule;
 try {
- translationModule = await import(`./locale/${lang}.js`);
+ translationModule = await import(`./locale/${encodeURIComponent(lang)}.js`);
 } catch (_error) {
 // eslint-disable-next-line no-console
 console.error(`Missing translation (${lang}) - using 'en'`);
diff --git a/src/editor/extensions/ext-imagelib/ext-imagelib.js b/src/editor/extensions/ext-imagelib/ext-imagelib.js
index 5c11e880..13ae02dd 100644
--- a/src/editor/extensions/ext-imagelib/ext-imagelib.js
+++ b/src/editor/extensions/ext-imagelib/ext-imagelib.js
@@ -10,7 +10,7 @@
 const loadExtensionTranslation = async function (lang) {
 let translationModule;
 try {
- translationModule = await import(`./locale/${lang}.js`);
+ translationModule = await import(`./locale/${encodeURIComponent(lang)}.js`);
 } catch (_error) {
 // eslint-disable-next-line no-console
 console.error(`Missing translation (${lang}) - using 'en'`);
diff --git a/src/editor/extensions/ext-markers/ext-markers.js b/src/editor/extensions/ext-markers/ext-markers.js
index a34709f4..126afd99 100644
--- a/src/editor/extensions/ext-markers/ext-markers.js
+++ b/src/editor/extensions/ext-markers/ext-markers.js
@@ -32,7 +32,7 @@
 const loadExtensionTranslation = async function (lang) {
 let translationModule;
 try {
- translationModule = await import(`./locale/${lang}.js`);
+ translationModule = await import(`./locale/${encodeURIComponent(lang)}.js`);
 } catch (_error) {
 // eslint-disable-next-line no-console
 console.error(`Missing translation (${lang}) - using 'en'`);
diff --git a/src/editor/extensions/ext-mathjax/ext-mathjax.js b/src/editor/extensions/ext-mathjax/ext-mathjax.js
index 960367a4..860100ee 100644
--- a/src/editor/extensions/ext-mathjax/ext-mathjax.js
+++ b/src/editor/extensions/ext-mathjax/ext-mathjax.js
@@ -11,7 +11,7 @@
 const loadExtensionTranslation = async function (lang) {
 let translationModule;
 try {
- translationModule = await import(`./locale/${lang}.js`);
+ translationModule = await import(`./locale/${encodeURIComponent(lang)}.js`);
 } catch (_error) {
 // eslint-disable-next-line no-console
 console.error(`Missing translation (${lang}) - using 'en'`);
diff --git a/src/editor/extensions/ext-panning/ext-panning.js b/src/editor/extensions/ext-panning/ext-panning.js
index df490b4f..be145ef8 100644
--- a/src/editor/extensions/ext-panning/ext-panning.js
+++ b/src/editor/extensions/ext-panning/ext-panning.js
@@ -13,7 +13,7 @@
 const loadExtensionTranslation = async function (lang) {
 let translationModule;
 try {
- translationModule = await import(`./locale/${lang}.js`);
+ translationModule = await import(`./locale/${encodeURIComponent(lang)}.js`);
 } catch (_error) {
 // eslint-disable-next-line no-console
 console.error(`Missing translation (${lang}) - using 'en'`);
diff --git a/src/editor/extensions/ext-placemark/ext-placemark.js b/src/editor/extensions/ext-placemark/ext-placemark.js
index c97e2525..aa0c7738 100644
--- a/src/editor/extensions/ext-placemark/ext-placemark.js
+++ b/src/editor/extensions/ext-placemark/ext-placemark.js
@@ -9,7 +9,7 @@
 const loadExtensionTranslation = async function (lang) {
 let translationModule;
 try {
- translationModule = await import(`./locale/${lang}.js`);
+ translationModule = await import(`./locale/${encodeURIComponent(lang)}.js`);
 } catch (_error) {
 // eslint-disable-next-line no-console
 console.error(`Missing translation (${lang}) - using 'en'`);
diff --git a/src/editor/extensions/ext-polygon/ext-polygon.js b/src/editor/extensions/ext-polygon/ext-polygon.js
index 753c9b57..e6e403a1 100644
--- a/src/editor/extensions/ext-polygon/ext-polygon.js
+++ b/src/editor/extensions/ext-polygon/ext-polygon.js
@@ -9,7 +9,7 @@
 const loadExtensionTranslation = async function (lang) {
 let translationModule;
 try {
- translationModule = await import(`./locale/${lang}.js`);
+ translationModule = await import(`./locale/${encodeURIComponent(lang)}.js`);
 } catch (_error) {
 // eslint-disable-next-line no-console
 console.error(`Missing translation (${lang}) - using 'en'`);
diff --git a/src/editor/extensions/ext-server_moinsave/ext-server_moinsave.js b/src/editor/extensions/ext-server_moinsave/ext-server_moinsave.js
index 08a6cedc..17a59ef6 100644
--- a/src/editor/extensions/ext-server_moinsave/ext-server_moinsave.js
+++ b/src/editor/extensions/ext-server_moinsave/ext-server_moinsave.js
@@ -12,7 +12,7 @@ import {Canvg as canvg} from 'canvg';
 const loadExtensionTranslation = async function (lang) {
 let translationModule;
 try {
- translationModule = await import(`./locale/${lang}.js`);
+ translationModule = await import(`./locale/${encodeURIComponent(lang)}.js`);
 } catch (_error) {
 // eslint-disable-next-line no-console
 console.error(`Missing translation (${lang}) - using 'en'`);
diff --git a/src/editor/extensions/ext-server_opensave/ext-server_opensave.js b/src/editor/extensions/ext-server_opensave/ext-server_opensave.js
index d30eee6e..c046f1de 100644
--- a/src/editor/extensions/ext-server_opensave/ext-server_opensave.js
+++ b/src/editor/extensions/ext-server_opensave/ext-server_opensave.js
@@ -11,7 +11,7 @@ import {Canvg as canvg} from 'canvg';
 const loadExtensionTranslation = async function (lang) {
 let translationModule;
 try {
- translationModule = await import(`./locale/${lang}.js`);
+ translationModule = await import(`./locale/${encodeURIComponent(lang)}.js`);
 } catch (_error) {
 // eslint-disable-next-line no-console
 console.error(`Missing translation (${lang}) - using 'en'`);
diff --git a/src/editor/extensions/ext-shapes/ext-shapes.js b/src/editor/extensions/ext-shapes/ext-shapes.js
index 95c7b8c0..a65f2601 100644
--- a/src/editor/extensions/ext-shapes/ext-shapes.js
+++ b/src/editor/extensions/ext-shapes/ext-shapes.js
@@ -10,7 +10,7 @@
 const loadExtensionTranslation = async function (lang) {
 let translationModule;
 try {
- translationModule = await import(`./locale/${lang}.js`);
+ translationModule = await import(`./locale/${encodeURIComponent(lang)}.js`);
 } catch (_error) {
 // eslint-disable-next-line no-console
 console.error(`Missing translation (${lang}) - using 'en'`);
diff --git a/src/editor/extensions/ext-star/ext-star.js b/src/editor/extensions/ext-star/ext-star.js
index ae14ecd5..3bf58395 100644
--- a/src/editor/extensions/ext-star/ext-star.js
+++ b/src/editor/extensions/ext-star/ext-star.js
@@ -9,7 +9,7 @@
 const loadExtensionTranslation = async function (lang) {
 let translationModule;
 try {
- translationModule = await import(`./locale/${lang}.js`);
+ translationModule = await import(`./locale/${encodeURIComponent(lang)}.js`);
 } catch (_error) {
 // eslint-disable-next-line no-console
 console.error(`Missing translation (${lang}) - using 'en'`);
diff --git a/src/editor/extensions/ext-storage/ext-storage.js b/src/editor/extensions/ext-storage/ext-storage.js
index 3297b9fc..28c221f7 100644
--- a/src/editor/extensions/ext-storage/ext-storage.js
+++ b/src/editor/extensions/ext-storage/ext-storage.js
@@ -22,7 +22,7 @@
 const loadExtensionTranslation = async function (lang) {
 let translationModule;
 try {
- translationModule = await import(`./locale/${lang}.js`);
+ translationModule = await import(`./locale/${encodeURIComponent(lang)}.js`);
 } catch (_error) {
 // eslint-disable-next-line no-console
 console.error(`Missing translation (${lang}) - using 'en'`);
diff --git a/src/editor/extensions/ext-webappfind/ext-webappfind.js b/src/editor/extensions/ext-webappfind/ext-webappfind.js
index 33261337..a7d18731 100644
--- a/src/editor/extensions/ext-webappfind/ext-webappfind.js
+++ b/src/editor/extensions/ext-webappfind/ext-webappfind.js
@@ -9,7 +9,7 @@
 const loadExtensionTranslation = async function (lang) {
 let translationModule;
 try {
- translationModule = await import(`./locale/${lang}.js`);
+ translationModule = await import(`./locale/${encodeURIComponent(lang)}.js`);
 } catch (_error) {
 // eslint-disable-next-line no-console
 console.error(`Missing translation (${lang}) - using 'en'`);
diff --git a/src/editor/locale.js b/src/editor/locale.js
index c3ddd096..a2c5f315 100644
--- a/src/editor/locale.js
+++ b/src/editor/locale.js
@@ -357,6 +357,6 @@ export const putLocale = async function (givenParam, goodLangs) {
 if (!goodLangs.includes(langParam) && langParam !== 'test') {
 langParam = 'en';
 }
- const module = await import(`./locale/lang.${langParam}.js`);
+ const module = await import(`./locale/lang.${encodeURIComponent(langParam)}.js`);
 return readLang(module.default);
 };
diff --git a/src/editor/svgedit.js b/src/editor/svgedit.js
index a6821433..c29db421 100644
--- a/src/editor/svgedit.js
+++ b/src/editor/svgedit.js
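Review bot: In `putLocale` the `goodLangs.includes(langParam)` check just above is what actually restricts this import; `encodeURIComponent` on the new line is there for the lint rule and presumably leaves an allow-listed locale code unchanged. A short comment would stop a later reader from treating the encoding as the control, e.g. `// langParam is limited to goodLangs or 'test' above; the encoding only satisfies no-unsanitized/method`. `goodLangs` is supplied by the caller, so the guarantee is only as strong as the list each caller passes in.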
@@ -783,7 +783,7 @@ editor.init = function () {
 /**
 * @type {module:SVGEditor.ExtensionObject}
 */
- const imported = await import(`./extensions/${extname}/${extname}.js`);
+ const imported = await import(`./extensions/${encodeURIComponent(extname)}/${encodeURIComponent(extname)}.js`);
 const {name = extname, init} = imported.default;
 return editor.addExtension(name, (init && init.bind(editor)), {$, langParam});
 } catch (err) {
@@ -806,7 +806,7 @@ editor.init = function () {
 /**
 * @type {module:SVGEditor.ExtensionObject}
 */
- const imported = await import(extPathName);
+ const imported = await import(encodeURI(extPathName));
 const {name, init} = imported.default;
 return editor.addExtension(name, (init && init.bind(editor)), {$, langParam});
 } catch (err) {
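Review bot: `encodeURIComponent(extname)` is evaluated twice inside the template literal in the first hunk; a local such as `const safeExtName = encodeURIComponent(extname);` before the `import()` would keep the specifier readable and guarantee both path segments use the same value. The destructuring on the next line still defaults `name` to the raw `extname` that is passed to `editor.addExtension`, which deserves a short comment so the encoded and raw forms are not confused. The enclosing callback starts and ends outside this hunk.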
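Review bot: `import(encodeURI(extPathName))` in the second hunk does not limit what gets loaded, because `encodeURI` preserves scheme, host and path separators, so an absolute or parent-relative value passes through unchanged. If `extPathName` can be influenced by configuration or URL parameters (its origin is outside this hunk), resolve and check it first, for example `const extUrl = new URL(extPathName, import.meta.url);` followed by `if (extUrl.origin !== window.location.origin) { throw new Error('Extension must be same-origin'); }`, and then `import(extUrl.href)`. If cross-origin user extensions are an intended feature, an explicit allow-list of origins and a comment saying so would be the alternative. The surrounding `try` block begins before this hunk.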