Merge branch 'winh-sprintf' into 'master'

Add basic sprintf implementation to JavaScript See merge request gitlab-org/gitlab-ce!14506

Merge branch 'winh-sprintf' into 'master'
Add basic sprintf implementation to JavaScript See merge request gitlab-org/gitlab-ce!14506
23e6b17b · Tim Zallmann · 66dd045e · b509588a · 23e6b17b · 23e6b17b
Commit 23e6b17b authored Oct 03, 2017 by Tim Zallmann
6 changed files
--- a/app/assets/javascripts/locale/index.js
+++ b/app/assets/javascripts/locale/index.js
 import Jed from 'jed';
+import sprintf from './sprintf';
 /**
  This is required to require all the translation folders in the current directory
  this saves us having to do this manually & keep up to date with new languages
@@ -66,4 +68,5 @@ export { lang };
 export { gettext as __ };
 export { ngettext as n__ };
 export { pgettext as s__ };
+export { sprintf };
 export default locale;
--- a/app/assets/javascripts/locale/sprintf.js
+++ b/app/assets/javascripts/locale/sprintf.js
+import _ from 'underscore';
+/**
+  Very limited implementation of sprintf supporting only named parameters.
+  @param input (translated) text with parameters (e.g. '%{num_users} users use us')
+  @param parameters object mapping parameter names to values (e.g. { num_users: 5 })
+  @param escapeParameters whether parameter values should be escaped (see http://underscorejs.org/#escape)
+  @returns {String} the text with parameters replaces (e.g. '5 users use us')
+  @see https://ruby-doc.org/core-2.3.3/Kernel.html#method-i-sprintf
+  @see https://gitlab.com/gitlab-org/gitlab-ce/issues/37992
+**/
+export default (input, parameters, escapeParameters = true) => {
+    let output = input;
+    if (parameters) {
+      Object.keys(parameters).forEach((parameterName) => {
+        const parameterValue = parameters[parameterName];
+        const escapedParameterValue = escapeParameters ? _.escape(parameterValue) : parameterValue;
+        output = output.replace(new RegExp(`%{${parameterName}}`, 'g'), escapedParameterValue);
+      });
+    }
+    return output;
+}
--- a/app/assets/javascripts/vue_shared/translate.js
+++ b/app/assets/javascripts/vue_shared/translate.js
@@ -2,6 +2,7 @@ import {
  __,
  n__,
  s__,
+  sprintf,
 } from '../locale';
 export default (Vue) => {
@@ -37,6 +38,7 @@ export default (Vue) => {
        @returns {String} Translated context based text
      **/
      s__,
+      sprintf,
    },
  });
 };
--- a/changelogs/unreleased/winh-sprintf.yml
+++ b/changelogs/unreleased/winh-sprintf.yml
+---
+title: Add basic sprintf implementation to JavaScript
+merge_request: 14506
+author:
+type: other
--- a/doc/development/i18n_guide.md
+++ b/doc/development/i18n_guide.md
@@ -183,13 +183,20 @@ aren't in the message with id `1 pipeline`.
 ### Interpolation
- In Ruby/HAML:
+- In Ruby/HAML (see [sprintf]):
    ```ruby
    _("Hello %{name}") % { name: 'Joe' }
    ```
- In JavaScript: Not supported at this moment.
+- In JavaScript: Only named parameters are supported (see also [#37992]):
+    ```javascript
+    __("Hello %{name}") % { name: 'Joe' }
+    ```
+[sprintf]: http://ruby-doc.org/core/Kernel.html#method-i-sprintf
+[#37992]: https://gitlab.com/gitlab-org/gitlab-ce/issues/37992
 ### Plurals

--- a/spec/javascripts/locale/sprintf_spec.js
+++ b/spec/javascripts/locale/sprintf_spec.js
+import sprintf from '~/locale/sprintf';
+describe('locale', () => {
+  describe('sprintf', () => {
+    it('does not modify string without parameters', () => {
+      const input = 'No parameters';
+      const output = sprintf(input);
+      expect(output).toBe(input);
+    });
+    it('ignores extraneous parameters', () => {
+      const input = 'No parameters';
+      const output = sprintf(input, { ignore: 'this' });
+      expect(output).toBe(input);
+    });
+    it('ignores extraneous placeholders', () => {
+      const input = 'No %{parameters}';
+      const output = sprintf(input);
+      expect(output).toBe(input);
+    });
+    it('replaces parameters', () => {
+      const input = '%{name} has %{count} parameters';
+      const parameters = {
+        name: 'this',
+        count: 2,
+      };
+      const output = sprintf(input, parameters);
+      expect(output).toBe('this has 2 parameters');
+    });
+    it('replaces multiple occurrences', () => {
+      const input = 'to %{verb} or not to %{verb}';
+      const parameters = {
+        verb: 'be',
+      };
+      const output = sprintf(input, parameters);
+      expect(output).toBe('to be or not to be');
+    });
+    it('escapes parameters', () => {
+      const input = 'contains %{userContent}';
+      const parameters = {
+        userContent: '<script>alert("malicious!")</script>',
+      };
+      const output = sprintf(input, parameters);
+      expect(output).toBe('contains &lt;script&gt;alert(&quot;malicious!&quot;)&lt;/script&gt;');
+    });
+    it('does not escape parameters for escapeParameters = false', () => {
+      const input = 'contains %{safeContent}';
+      const parameters = {
+        safeContent: '<strong>bold attempt</strong>',
+      };
+      const output = sprintf(input, parameters, false);
+      expect(output).toBe('contains <strong>bold attempt</strong>');
+    });
+  });
+});