useEncodeURIComponent to add security to dynamic import

src/editor/extensions/ext-arrows/ext-arrows.js

@@ -10,7 +10,7 @@
 const loadExtensionTranslation = async function (lang) {
   let translationModule;
   try {
-    translationModule = await import(`./locale/${lang}.js`);
+    translationModule = await import(`./locale/${encodeURIComponent(lang)}.js`);
   } catch (_error) {
     // eslint-disable-next-line no-console
     console.error(`Missing translation (${lang}) - using 'en'`);

src/editor/extensions/ext-closepath/ext-closepath.js

@@ -10,7 +10,7 @@
 const loadExtensionTranslation = async function (lang) {
   let translationModule;
   try {
-    translationModule = await import(`./locale/${lang}.js`);
+    translationModule = await import(`./locale/${encodeURIComponent(lang)}.js`);
   } catch (_error) {
     // eslint-disable-next-line no-console
     console.error(`Missing translation (${lang}) - using 'en'`);

src/editor/extensions/ext-connector/ext-connector.js

@@ -10,7 +10,7 @@
 const loadExtensionTranslation = async function (lang) {
   let translationModule;
   try {
-    translationModule = await import(`./locale/${lang}.js`);
+    translationModule = await import(`./locale/${encodeURIComponent(lang)}.js`);
   } catch (_error) {
     // eslint-disable-next-line no-console
     console.error(`Missing translation (${lang}) - using 'en'`);

src/editor/extensions/ext-eyedropper/ext-eyedropper.js

@@ -10,7 +10,7 @@
 const loadExtensionTranslation = async function (lang) {
   let translationModule;
   try {
-    translationModule = await import(`./locale/${lang}.js`);
+    translationModule = await import(`./locale/${encodeURIComponent(lang)}.js`);
   } catch (_error) {
     // eslint-disable-next-line no-console
     console.error(`Missing translation (${lang}) - using 'en'`);

src/editor/extensions/ext-foreignobject/ext-foreignobject.js

@@ -10,7 +10,7 @@
 const loadExtensionTranslation = async function (lang) {
   let translationModule;
   try {
-    translationModule = await import(`./locale/${lang}.js`);
+    translationModule = await import(`./locale/${encodeURIComponent(lang)}.js`);
   } catch (_error) {
     // eslint-disable-next-line no-console
     console.error(`Missing translation (${lang}) - using 'en'`);

src/editor/extensions/ext-grid/ext-grid.js

@@ -10,7 +10,7 @@
 const loadExtensionTranslation = async function (lang) {
   let translationModule;
   try {
-    translationModule = await import(`./locale/${lang}.js`);
+    translationModule = await import(`./locale/${encodeURIComponent(lang)}.js`);
   } catch (_error) {
     // eslint-disable-next-line no-console
     console.error(`Missing translation (${lang}) - using 'en'`);

src/editor/extensions/ext-helloworld/ext-helloworld.js

@@ -16,7 +16,7 @@
 const loadExtensionTranslation = async function (lang) {
   let translationModule;
   try {
-    translationModule = await import(`./locale/${lang}.js`);
+    translationModule = await import(`./locale/${encodeURIComponent(lang)}.js`);
   } catch (_error) {
     // eslint-disable-next-line no-console
     console.error(`Missing translation (${lang}) - using 'en'`);

src/editor/extensions/ext-imagelib/ext-imagelib.js

@@ -10,7 +10,7 @@
 const loadExtensionTranslation = async function (lang) {
   let translationModule;
   try {
-    translationModule = await import(`./locale/${lang}.js`);
+    translationModule = await import(`./locale/${encodeURIComponent(lang)}.js`);
   } catch (_error) {
     // eslint-disable-next-line no-console
     console.error(`Missing translation (${lang}) - using 'en'`);

src/editor/extensions/ext-markers/ext-markers.js

@@ -32,7 +32,7 @@
 const loadExtensionTranslation = async function (lang) {
   let translationModule;
   try {
-    translationModule = await import(`./locale/${lang}.js`);
+    translationModule = await import(`./locale/${encodeURIComponent(lang)}.js`);
   } catch (_error) {
     // eslint-disable-next-line no-console
     console.error(`Missing translation (${lang}) - using 'en'`);

src/editor/extensions/ext-mathjax/ext-mathjax.js

@@ -11,7 +11,7 @@
 const loadExtensionTranslation = async function (lang) {
   let translationModule;
   try {
-    translationModule = await import(`./locale/${lang}.js`);
+    translationModule = await import(`./locale/${encodeURIComponent(lang)}.js`);
   } catch (_error) {
     // eslint-disable-next-line no-console
     console.error(`Missing translation (${lang}) - using 'en'`);

src/editor/extensions/ext-panning/ext-panning.js

@@ -13,7 +13,7 @@
 const loadExtensionTranslation = async function (lang) {
   let translationModule;
   try {
-    translationModule = await import(`./locale/${lang}.js`);
+    translationModule = await import(`./locale/${encodeURIComponent(lang)}.js`);
   } catch (_error) {
     // eslint-disable-next-line no-console
     console.error(`Missing translation (${lang}) - using 'en'`);

src/editor/extensions/ext-placemark/ext-placemark.js

@@ -9,7 +9,7 @@
 const loadExtensionTranslation = async function (lang) {
   let translationModule;
   try {
-    translationModule = await import(`./locale/${lang}.js`);
+    translationModule = await import(`./locale/${encodeURIComponent(lang)}.js`);
   } catch (_error) {
     // eslint-disable-next-line no-console
     console.error(`Missing translation (${lang}) - using 'en'`);

src/editor/extensions/ext-polygon/ext-polygon.js

@@ -9,7 +9,7 @@
 const loadExtensionTranslation = async function (lang) {
   let translationModule;
   try {
-    translationModule = await import(`./locale/${lang}.js`);
+    translationModule = await import(`./locale/${encodeURIComponent(lang)}.js`);
   } catch (_error) {
     // eslint-disable-next-line no-console
     console.error(`Missing translation (${lang}) - using 'en'`);

src/editor/extensions/ext-server_moinsave/ext-server_moinsave.js

@@ -12,7 +12,7 @@ import {Canvg as canvg} from 'canvg';
 const loadExtensionTranslation = async function (lang) {
   let translationModule;
   try {
-    translationModule = await import(`./locale/${lang}.js`);
+    translationModule = await import(`./locale/${encodeURIComponent(lang)}.js`);
   } catch (_error) {
     // eslint-disable-next-line no-console
     console.error(`Missing translation (${lang}) - using 'en'`);

src/editor/extensions/ext-server_opensave/ext-server_opensave.js

@@ -11,7 +11,7 @@ import {Canvg as canvg} from 'canvg';
 const loadExtensionTranslation = async function (lang) {
   let translationModule;
   try {
-    translationModule = await import(`./locale/${lang}.js`);
+    translationModule = await import(`./locale/${encodeURIComponent(lang)}.js`);
   } catch (_error) {
     // eslint-disable-next-line no-console
     console.error(`Missing translation (${lang}) - using 'en'`);

src/editor/extensions/ext-shapes/ext-shapes.js

@@ -10,7 +10,7 @@
 const loadExtensionTranslation = async function (lang) {
   let translationModule;
   try {
-    translationModule = await import(`./locale/${lang}.js`);
+    translationModule = await import(`./locale/${encodeURIComponent(lang)}.js`);
   } catch (_error) {
     // eslint-disable-next-line no-console
     console.error(`Missing translation (${lang}) - using 'en'`);

src/editor/extensions/ext-star/ext-star.js

@@ -9,7 +9,7 @@
 const loadExtensionTranslation = async function (lang) {
   let translationModule;
   try {
-    translationModule = await import(`./locale/${lang}.js`);
+    translationModule = await import(`./locale/${encodeURIComponent(lang)}.js`);
   } catch (_error) {
     // eslint-disable-next-line no-console
     console.error(`Missing translation (${lang}) - using 'en'`);

src/editor/extensions/ext-storage/ext-storage.js

@@ -22,7 +22,7 @@
 const loadExtensionTranslation = async function (lang) {
   let translationModule;
   try {
-    translationModule = await import(`./locale/${lang}.js`);
+    translationModule = await import(`./locale/${encodeURIComponent(lang)}.js`);
   } catch (_error) {
     // eslint-disable-next-line no-console
     console.error(`Missing translation (${lang}) - using 'en'`);

src/editor/extensions/ext-webappfind/ext-webappfind.js

@@ -9,7 +9,7 @@
 const loadExtensionTranslation = async function (lang) {
   let translationModule;
   try {
-    translationModule = await import(`./locale/${lang}.js`);
+    translationModule = await import(`./locale/${encodeURIComponent(lang)}.js`);
   } catch (_error) {
     // eslint-disable-next-line no-console
     console.error(`Missing translation (${lang}) - using 'en'`);