Opened 11 years ago

Closed 6 years ago

#371 closed improve feature (wontfix)

sanitize translations

Reported by: lemon-head Owned by: lemon-head
Priority: minor Milestone: unassigned
Component: BW Internationalization Keywords: MOD_words
Cc:

Description

Some translations contain '&' characters. Some might also contain quotes. Some sanitizing will be a good idea.

Change History (13)

comment:1 Changed 11 years ago by lemon-head

  • follow_up changed from none to test
  • Owner set to lemon-head
  • Status changed from new to assigned

Should be solved with [3881].

comment:2 Changed 11 years ago by lemon-head

  • follow_up changed from test to move to alpha

looks ok, move to alpha.

comment:3 Changed 11 years ago by lemon-head

  • follow_up changed from move to alpha to review code

need to have a deeper look into the words sanitizing. Especially, what should happen before and after the 'vsprintf()'

comment:4 Changed 11 years ago by lemon-head

  • follow_up changed from review code to move to alpha

[3906] - sanitizing disabled for now. Move to alpha.

comment:5 Changed 11 years ago by lemon-head

  • Type changed from bug to improve feature

comment:6 Changed 11 years ago by matrixpoint

  • follow_up changed from move to alpha to test on alpha

Moved to alpha in 3909.

comment:7 Changed 11 years ago by matrixpoint

  • follow_up changed from test on alpha to none
  • Resolution set to fixed
  • Status changed from assigned to closed

Released in r3925.

comment:8 Changed 11 years ago by lemon-head

  • Resolution fixed deleted
  • Status changed from closed to reopened

Hmm.. it is not really fixed, because we still don't have a working sanitizing mechanism.

What is fixed is the eventual problems caused by the attempt to build a sanitizing mechanism. Mechanism disabled, no more problems.

The real problem is:

  • words in javascript
  • words in html attributes
  • words in the header
  • %s or %d replaced by arbitrary code.
  • before %s and %d are replaced, we cannot assume to get valid html.
  • Sometimes translators add % symbols for no good reason - for instance, if they are part of an url (whitespace turned into %20).

See also #130 - "Remove possibility to add HTML in adminwords"

comment:9 Changed 11 years ago by philipp

  • freq_reported set to 1
  • Milestone changed from 0.1.2.1 release with MOD_words + MOD_layoutbits + TinyMCE update to 0.5.2-short cleanup and framework
  • show_on_bw set to 0

comment:10 Changed 6 years ago by TimLoal

  • Component changed from BW General to BW Internationalization

comment:11 Changed 6 years ago by TimLoal

  • Milestone changed from 0.5.2 to Future

comment:12 Changed 6 years ago by jsfan

  • Milestone Future deleted

Milestone Future deleted

comment:13 Changed 6 years ago by shevek

  • Milestone set to unassigned
  • Resolution set to wontfix
  • Status changed from reopened to closed

Closing as the translation team seems to do a good job despite of sanitizing :-)

Note: See TracTickets for help on using tickets.