Remove insecure HTML tags in translations

app/coffee/modules/common/confirm.coffee

@@ -42,9 +42,9 @@ NOTIFICATION_MSG = {
 
 
 class ConfirmService extends taiga.Service
-    @.$inject = ["$q", "lightboxService", "$tgLoading", "$translate"]
+    @.$inject = ["$q", "lightboxService", "$tgLoading", "$translate", "$filter"]
 
-    constructor: (@q, @lightboxService, @loading, @translate) ->
+    constructor: (@q, @lightboxService, @loading, @translate, @filter) ->
         bindMethods(@)
 
     hide: (el)->
@@ -61,7 +61,9 @@ class ConfirmService extends taiga.Service
         # Render content
         el.find(".title").text(title) if title
         el.find(".subtitle").text(subtitle) if subtitle
-        el.find(".message").text(message) if message
+        if message
+            message = @filter('textToHTML')(message)
+            el.find(".message").html(message)
 
         # Assign event handlers
         el.on "click.confirm-dialog", ".button-green", debounce 2000, (event) =>

app/coffee/modules/common/filters.coffee

@@ -152,3 +152,12 @@ emojify = ($emojis) ->
         return ""
 
 module.filter("emojify", ["$tgEmojis", emojify])
+
+textToHTML = ($filter) ->
+    return (input) ->
+        if input
+            return input.replace(/\<(?!(\/?)(strong|br)(\/?)).*?\>/g, "")
+
+        return ""
+
+module.filter("textToHTML", ["$filter", textToHTML])

app/coffee/modules/issues/detail.coffee

@@ -738,8 +738,10 @@ lightboxService, $modelTransform, $confirm) ->
                 currentSprint = _.find(data.milestones, { "id": issue.milestone })
 
                 title = $translate.instant("ISSUES.CONFIRM_DETACH_FROM_SPRINT.TITLE")
-                message = $translate.instant("ISSUES.CONFIRM_DETACH_FROM_SPRINT.MESSAGE")
+                message = $translate.instant(
-                message += " <strong>#{currentSprint.name}</strong>"
+                    "ISSUES.CONFIRM_DETACH_FROM_SPRINT.MESSAGE",
+                    {sprintName: currentSprint.name}
+                )
 
                 $confirm.ask(title, null, message).then (askResponse) ->
                     onSuccess = ->

app/coffee/modules/taskboard/main.coffee

@@ -566,7 +566,10 @@ class TaskboardController extends mixOf(taiga.Controller, taiga.PageMixin, taiga
             issue = issue.set('loading-delete', false)
             title = @translate.instant("ISSUES.CONFIRM_DETACH_FROM_SPRINT.TITLE")
             message = @translate.instant("ISSUES.CONFIRM_DETACH_FROM_SPRINT.MESSAGE")
-            message += " <strong>#{@scope.sprint.name}</strong>"
+            message = @translate.instant(
+                "ISSUES.CONFIRM_DETACH_FROM_SPRINT.MESSAGE",
+                {sprintName: @scope.sprint.name}
+            )
 
             @confirm.ask(title, null, message).then (askResponse) =>
                 removingIssue.milestone = null

app/locales/taiga/locale-en.json

@@ -1458,7 +1458,7 @@
         "FILTER_ISSUES": "Filter Issues",
         "CONFIRM_DETACH_FROM_SPRINT": {
             "TITLE": "Detach issue from Sprint",
-            "MESSAGE": "You are about to detach the issue from the sprint"
+            "MESSAGE": "You are about to detach the issue from the sprint <strong>{{ sprintName }}<strong>"
         },
         "CONFIRM_CHANGE_FROM_SPRINT": {
             "TITLE": "Attach issue to Sprint",