Fixes double escaping of messages

Passing null as the translation sanitization strategy disables it which is safe in this case because the string is escaped when rendered by angular. #4618
medic · Jun 12, 2018 · 520ccb4 · 520ccb4
1 parent 3acc7ad
commit 520ccb4
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/static/js/services/format-data-record.js b/static/js/services/format-data-record.js
@@ -244,7 +244,11 @@ angular.module('inboxServices').factory('FormatDataRecord',
         return getMessage(settings, key, locale) || key;
       }
       var interpolation = skipInterpolation ? 'no-interpolation' : null;
-      return $translate.instant(key, ctx, interpolation, locale);
+      // NB: The 5th parameter must be explicitely null to disable sanitization.
+      // The result will be sanitized by angular when it's rendered, so using
+      // the default sanitization would result in double encoding.
+      // Issue: medic/medic-webapp#4618
+      return $translate.instant(key, ctx, interpolation, locale, null);
     };
 
     /*