diff --git a/.parcelrc b/.parcelrc
index 6e746dedf2..ec0ea10acb 100644
--- a/.parcelrc
+++ b/.parcelrc
@@ -8,6 +8,11 @@
"parcel-resolver-ignore",
"..."
],
+ "transformers": {
+ "*.{js,ts}": [
+ "@parcel/transformer-js"
+ ]
+ },
"optimizers": {
"*.html": [
"parcel-optimizer-ogimage",
diff --git a/serve.py b/serve.py
index 30b2bbce55..8931fa0c23 100644
--- a/serve.py
+++ b/serve.py
@@ -20,7 +20,7 @@
import build
PARCEL_CLI = "./node_modules/.bin/parcel"
-BUNDLER_COMMAND = f"{PARCEL_CLI} watch --no-hmr src/*.html"
+BUNDLER_COMMAND = f"{PARCEL_CLI} watch --target default --no-hmr src/*.html"
LIVERELOAD_DELAY = 0.1
diff --git a/src/scripts/affichage.js b/src/scripts/affichage.js
index 15fd4bee44..f7a097aa71 100644
--- a/src/scripts/affichage.js
+++ b/src/scripts/affichage.js
@@ -76,15 +76,3 @@ export function escapeHtml(str) {
.replace(/'/g, ''')
.replace(/`/g, '`')
}
-
-export function safeHtml(literals, ...substitutions) {
- let result = ''
-
- for (let i = 0; i < substitutions.length; i++) {
- result += literals[i]
- result += escapeHtml(substitutions[i])
- }
- // add the last literal.
- result += literals[literals.length - 1]
- return result
-}
diff --git a/src/scripts/profil.js b/src/scripts/profil.js
index 16e31ad927..5f1b115bc4 100644
--- a/src/scripts/profil.js
+++ b/src/scripts/profil.js
@@ -1,5 +1,5 @@
import { differenceEnJours, joursAvant } from './utils'
-import { createElementFromHTML, safeHtml } from './affichage'
+import { createElementFromHTML, escapeHtml } from './affichage'
const JOURS_DE_VALIDITE_DEPISTAGE_NEGATIF = 7
const JOURS_DE_VALIDITE_DEPISTAGE_POSITIF = 30
@@ -759,10 +759,12 @@ export default class Profil {
}
renderNom() {
- return safeHtml`
${this.affichageNom()}
`
+ const nomEchappe = escapeHtml(this.affichageNom())
+ return `${nomEchappe}
`
}
renderButtons(questionnaire) {
+ const nomEchappe = escapeHtml(this.nom)
const possessifMasculinSingulier = this.estMonProfil() ? 'mon' : 'son'
const possessifPluriel = this.estMonProfil() ? 'mes' : 'ses'
var mainButton = ''
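Review bot: Escaping in `renderNom` and `renderButtons` is now opt-in: with the `safeHtml` tag gone, any `${…}` later added to these plain template literals is emitted unescaped unless the author remembers to call `escapeHtml`. The same applies to the templates in the next `renderButtons` hunk and to `renderButtonSuivi` in src/scripts/suivi.js. The substitutions still visible there (`verbe`, `label`, the possessives) are constants, but the template markup is not visible on this page, so I cannot confirm that every use of the profile name goes through `nomEchappe` rather than `this.nom`. I would add a comment above each template, for example `// Plain template literal: interpolate only constants or values already passed through escapeHtml()`. `renderButtons` continues beyond this hunk.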
@@ -772,33 +774,33 @@ export default class Profil {
this.hasSuiviStartDate() && this.hasHistorique()
? 'Continuer'
: 'Démarrer'
- mainButton += safeHtml`
+ mainButton += `
${verbe} ${possessifMasculinSingulier} suivi
`
}
- mainButton += safeHtml`
+ mainButton += `
Retrouver ${possessifPluriel} conseils
`
} else {
const label = this.isEmpty() ? 'Démarrer' : 'Continuer'
- mainButton = safeHtml`
+ mainButton = `
${label} ${possessifMasculinSingulier} questionnaire
`
}
const continueButton = this.isEmpty()
? ''
- : safeHtml`
- Modifier ${possessifPluriel} réponses
`
- const deleteButton = safeHtml`
- Supprimer ${possessifPluriel} réponses
`
return mainButton + continueButton + deleteButton
diff --git a/src/scripts/suivi.js b/src/scripts/suivi.js
index ca83c9c74d..a230071495 100644
--- a/src/scripts/suivi.js
+++ b/src/scripts/suivi.js
@@ -1,5 +1,5 @@
import { format } from 'timeago.js'
-import { createElementFromHTML, safeHtml } from './affichage'
+import { createElementFromHTML, escapeHtml } from './affichage'
import AlgorithmeSuivi from './algorithme/suivi'
import { titleCase } from './utils'
@@ -11,6 +11,7 @@ export default class SuiviView {
}
renderButtonSuivi() {
+ const nomEchappe = escapeHtml(this.profil.nom)
const possessifMasculinSingulier = this.profil.estMonProfil() ? 'mon' : 'son'
const possessifPluriel = this.profil.estMonProfil() ? 'mes' : 'ses'
const label =
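Review bot: The manual escaping added here as `nomEchappe = escapeHtml(this.profil.nom)` has no test in this commit, and the only escaping test visible in the diff (the `safeHtml` case in src/scripts/tests/test.affichage.js) is removed. Unless `escapeHtml` is already covered elsewhere, I would add a case that renders a profile whose name contains markup and asserts that the output of `renderButtonSuivi` contains no raw `<` from the name. The same case is worth adding for `renderNom` and `renderButtons` in src/scripts/profil.js. `renderButtonSuivi` continues outside this hunk.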
@@ -20,20 +21,20 @@ export default class SuiviView {
const nextPage = this.profil.hasSymptomesStartDate()
? 'suivisymptomes'
: 'symptomes'
- const suiviButton = safeHtml`
+ const suiviButton = `
${label} ${possessifMasculinSingulier} suivi
`
- const conseilsButton = safeHtml`
+ const conseilsButton = `
Retrouver ${possessifPluriel} conseils
`
let deleteLink = ''
if (this.profil.hasSuiviStartDate()) {
- deleteLink = safeHtml`
- Supprimer ${possessifMasculinSingulier} suivi
`
}
diff --git a/src/scripts/tests/test.affichage.js b/src/scripts/tests/test.affichage.js
index 26b86cf4a3..0261be97b0 100644
--- a/src/scripts/tests/test.affichage.js
+++ b/src/scripts/tests/test.affichage.js
@@ -25,14 +25,4 @@ describe('Affichage', function () {
assert.strictEqual(element.firstElementChild.className, 'visible')
assert.isFalse(element.firstElementChild.hasAttribute('hidden'))
})
-
- it('On peut échapper du HTML depuis un tag pour template literal', function () {
- var bar = 'baz'
- assert.strictEqual(affichage.safeHtml`foo ${bar}`, 'foo baz')
- var evil = ''
- assert.strictEqual(
- affichage.safeHtml`foo ${evil}`,
- 'foo <script>alert("something evil")</script>'
- )
- })
})