Thread: [ postfixadmin-Bugs-2966809 ] HTML in translated strings is escaped
Brought to you by:
christian_boltz,
gingerdog
From: SourceForge.net <no...@so...> - 2010-03-09 18:10:07
|
Bugs item #2966809, was opened at 2010-03-09 13:10 Message generated for change (Tracker Item Submitted) made by cviebrock You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937964&aid=2966809&group_id=191583 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Interface (example) Group: None Status: Open Resolution: None Priority: 5 Private: No Submitted By: Colin Viebrock (cviebrock) Assigned to: Nobody/Anonymous (nobody) Summary: HTML in translated strings is escaped Initial Comment: It appears that any translated string that contains html code is htmlentities()-ized before being output. This means that some error messages, for example, don't have the correct styling and don't render nicely. See the screenshot for an example. Not sure if this is related to the fixes made for bug 2905599 (i.e. the Smarty sanitizing that's done). I haven't dug into the code enough to suggest a fix. Can the sanitizing somehow skip any data that comes from a translated string? ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937964&aid=2966809&group_id=191583 |
From: SourceForge.net <no...@so...> - 2010-03-09 18:10:58
|
Bugs item #2966809, was opened at 2010-03-09 13:10 Message generated for change (Comment added) made by cviebrock You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937964&aid=2966809&group_id=191583 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Interface (example) >Group: SVN (please specify revision!) Status: Open Resolution: None Priority: 5 Private: No Submitted By: Colin Viebrock (cviebrock) Assigned to: Nobody/Anonymous (nobody) Summary: HTML in translated strings is escaped Initial Comment: It appears that any translated string that contains html code is htmlentities()-ized before being output. This means that some error messages, for example, don't have the correct styling and don't render nicely. See the screenshot for an example. Not sure if this is related to the fixes made for bug 2905599 (i.e. the Smarty sanitizing that's done). I haven't dug into the code enough to suggest a fix. Can the sanitizing somehow skip any data that comes from a translated string? ---------------------------------------------------------------------- >Comment By: Colin Viebrock (cviebrock) Date: 2010-03-09 13:10 Message: Sorry ... this is for SVN 2.4 ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937964&aid=2966809&group_id=191583 |
From: SourceForge.net <no...@so...> - 2011-04-10 22:35:29
|
Bugs item #2966809, was opened at 2010-03-09 19:10 Message generated for change (Comment added) made by christian_boltz You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937964&aid=2966809&group_id=191583 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Interface (example) Group: SVN (please specify revision!) Status: Open Resolution: None Priority: 5 Private: No Submitted By: Colin Viebrock (cviebrock) Assigned to: Nobody/Anonymous (nobody) Summary: HTML in translated strings is escaped Initial Comment: It appears that any translated string that contains html code is htmlentities()-ized before being output. This means that some error messages, for example, don't have the correct styling and don't render nicely. See the screenshot for an example. Not sure if this is related to the fixes made for bug 2905599 (i.e. the Smarty sanitizing that's done). I haven't dug into the code enough to suggest a fix. Can the sanitizing somehow skip any data that comes from a translated string? ---------------------------------------------------------------------- >Comment By: Christian Boltz (christian_boltz) Date: 2011-04-11 00:35 Message: Yes, that's caused by smarty sanitizing. The goal is to remove the HTML from the translated strings - they are used in the command-line interface also, and HTML in console output doesn't look too nice ;-) Removing all the HTML will take some time - there are about 50 texts affected. It isn't as easy as "just remove the HTML", we have to check their usage everywhere and need to change code or templates to ensure they are properly formatted. As a first step, I just did this for delete.php (r1036). It now uses flash_error (the red box at the top of the page) instead of displaying the errors below the menu. ---------------------------------------------------------------------- Comment By: Colin Viebrock (cviebrock) Date: 2010-03-09 19:10 Message: Sorry ... this is for SVN 2.4 ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937964&aid=2966809&group_id=191583 |
From: SourceForge.net <no...@so...> - 2011-07-30 11:19:06
|
Bugs item #2966809, was opened at 2010-03-09 19:10 Message generated for change (Comment added) made by christian_boltz You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937964&aid=2966809&group_id=191583 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Interface (example) Group: SVN (please specify revision!) >Status: Closed >Resolution: Fixed Priority: 5 Private: No Submitted By: Colin Viebrock (cviebrock) Assigned to: Nobody/Anonymous (nobody) Summary: HTML in translated strings is escaped Initial Comment: It appears that any translated string that contains html code is htmlentities()-ized before being output. This means that some error messages, for example, don't have the correct styling and don't render nicely. See the screenshot for an example. Not sure if this is related to the fixes made for bug 2905599 (i.e. the Smarty sanitizing that's done). I haven't dug into the code enough to suggest a fix. Can the sanitizing somehow skip any data that comes from a translated string? ---------------------------------------------------------------------- >Comment By: Christian Boltz (christian_boltz) Date: 2011-07-30 13:19 Message: This is fixed in SVN trunk since some days - Dale's huge cleanup patch removed all HTML from $PALANG :-) ---------------------------------------------------------------------- Comment By: Christian Boltz (christian_boltz) Date: 2011-04-11 00:35 Message: Yes, that's caused by smarty sanitizing. The goal is to remove the HTML from the translated strings - they are used in the command-line interface also, and HTML in console output doesn't look too nice ;-) Removing all the HTML will take some time - there are about 50 texts affected. It isn't as easy as "just remove the HTML", we have to check their usage everywhere and need to change code or templates to ensure they are properly formatted. As a first step, I just did this for delete.php (r1036). It now uses flash_error (the red box at the top of the page) instead of displaying the errors below the menu. ---------------------------------------------------------------------- Comment By: Colin Viebrock (cviebrock) Date: 2010-03-09 19:10 Message: Sorry ... this is for SVN 2.4 ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937964&aid=2966809&group_id=191583 |