https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26777
--- Comment #66 from David Cook <[email protected]> ---
(In reply to Katrin Fischer from comment #63)
> 3) Translatability
>
> This is untranslatable:
> + document.getElementById('barcode-container').innerHTML =
> `<p><strong>Error: </strong>${errorMessage}</p>`;
>
> Also, strings should always be enclosed using double quotes. That's so that
> languages using single quotes like French don't break the JS by accident.
> See: JS2: Enabling translation of language strings in embedded JavaScript

So this was using a template literal, which I thought the translations could use?

Personally, I quite like template literals, but using innerHTML here was a good way to potentially introduce XSS via the errorMessage... (although it would need to come from the third party JavaScript in this case which is probably unlikely but still better to be safe than sorry...)

> I attached a follow-up patch.

The follow-up patch accidentally broke the errorMessage display, since it retained the template literal syntax for errorMessage. See bug 37742.
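The three forms discussed in this message, side by side, as an added example that is not part of the original mail or of Koha's code: the template literal that interpolates `errorMessage` unescaped, the double-quoted string that keeps `${errorMessage}` and so shows it literally, and a form that is both translatable and escaped. The names `translate`, `escapeHtml` and the `render*` functions are hypothetical, and the functions return the HTML string so the block runs without a DOM.

```javascript
// Added example; all helper names here are hypothetical, not Koha's own code.

// Stand-in for a translation lookup. A string extractor can only pick up a
// plain string literal passed to it, which is why the label is kept separate.
function translate(msgid) {
  return msgid;
}

// Escape text so it is safe to place inside HTML element content.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (c) => map[c]);
}

// 1) Original form: template literal, value interpolated unescaped.
//    Any markup in errorMessage is parsed as HTML once assigned to innerHTML.
function renderOriginal(errorMessage) {
  return `<p><strong>Error: </strong>${errorMessage}</p>`;
}

// 2) Follow-up form: double quotes, but the ${...} placeholder was kept.
//    An ordinary string literal does not interpolate, so the placeholder
//    text itself is displayed and the real message is lost.
function renderBrokenFollowUp(errorMessage) {
  return "<p><strong>Error: </strong>${errorMessage}</p>";
}

// 3) Translatable and escaped: only the label is a translatable literal,
//    and the message is escaped before it is concatenated into the markup.
function renderFixed(errorMessage) {
  return "<p><strong>" + escapeHtml(translate("Error: ")) + "</strong>" +
    escapeHtml(errorMessage) + "</p>";
}

// Constructed sample message containing markup.
const sampleMessage = "Camera <b>not</b> found";
console.log(renderOriginal(sampleMessage));
console.log(renderBrokenFollowUp(sampleMessage));
console.log(renderFixed(sampleMessage));
```

In a page with a DOM, building the `<p>` and `<strong>` elements and setting the message with `textContent` gives the same result as form 3 without any string escaping.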
