github/svgedit
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

useEncodeURIComponent to add security to dynamic import

Browse Source
This commit is contained in:
jfh
2020-10-05 21:27:48 +02:00
parent d8a8869b98
commit 6d1c36b6d3
22 changed files with 30 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/editor/locale.js
View File

@@ -357,6 +357,6 @@ export const putLocale = async function (givenParam, goodLangs) {
if (!goodLangs.includes(langParam) && langParam !== 'test') {
langParam = 'en';
}
const module = await import(`./locale/lang.${langParam}.js`);
const module = await import(`./locale/lang.${encodeURIComponent(langParam)}.js`);
return readLang(module.default);
};