There are some issues with how views and i18n handle text formats and filtering. This is changed in latest i18n dev version, which tries to implement some both more flexible and more consistent text handling, also allowing admin strings (filter_xss_admin).

Related i18n issue (to be released in the next days, so marking this as critical), #1437146: Rework string translation access. (After 1.4 update, block translation disallowed HTML error)

In summary, i18n will allow users with the proper permissions (translate user defined strings, translate admin strings) to enter any text as translation but the counterpart is we need to do a proper filtering of that strings later (before we were using locale_string_is_safe() but not anymore).

Consequences: all i18n strings are now filtered (unlet explicitly not, 'sanitize' => FALSE) and if no format available, they will be run through check_plain(), see also #1361618: HTML (<p>…</p>) visible to users

Since views handling of strings is IMHO a bit flawed (yeah, I know, 'administer views' is a 'special permission'), and also 'translate interface' has became one of that permissions we can somehow ease the requirements on filtering translations, but also we should do some minimal (sometimes best-guess) filtering, we can now use 'filter_xss_admin' with i18n strings.

This patch implements that 'last resource' filtering when there's no text format and runs translations that have no text format through filter_xss_admin() which should, on one side, not apply check_plain() to strings with HTML and on the other side, provide some safety.

CommentFileSizeAuthor
i18nviews_filter_xss.patch1.35 KBJose Reyero
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

Jose Reyero’s picture

mgifford’s picture

Are you bringing this into i18n? Need help testing? This is useful context, thanks!

Jose Reyero’s picture

@mgifford,
This is already into i18n (dev) and yes, we'd need some more testing before doing a new i18n release, just to make sure it works with other modules, like this i18nviews.

ptkobe’s picture

Thank you. I still had to add the patch to i18nviews-7.x-3.x-dev (2012-Jan-08) to make it work (and it did).
I'm using i18n-7.x-1.5.

kerios83’s picture

http://drupal.org/node/1526000 -> http://drupal.org/node/1437146 -> here [D7.12 with i18n-7.x-1.5 with latest variable version]

If the file you need to apply the patch is located in modules/i18nviews/includes/i18nviews.views.inc
then this patch isn't working for me: I still get -> as -&gt; in View: Calendar: Upcoming when I try to translate MORE as -> MORE.

When I try to use <p>MORE</p> I get exactly the same: <p>MORE</p> as a input...

This is not so important for me cause I can simply use word without a mark.

trigdog’s picture

Applied the patch. So far so good. HTML elements seem to be rendering now and it seems to have fixed the problem I described here (http://drupal.org/node/1437146#comment-5858182). I am running: i18n 7.x-1.5 and i18nviews 7.x-3.x-dev (2012-Jan-08) + this patch.

@kerios83
It looks like this patch applies to modules/i18nviews/includes/i18nviews_plugin_localization_i18nstrings.inc

kerios83’s picture

@trigdog thanks. I have applied the patch in modules/i18nviews/includes/i18nviews_plugin_localization_i18nstrings.inc and download latest i18nviews 7.x-3.x-dev (2012-Jan-08) but it's all the same on my localhost.

mr_carot’s picture

Thank you very much this patch fixed it for me ... ^__^
I was really afraid that I had to do it without this great module.

Dirk’s picture

Thanks a lot, thanks to this patch i can still translate my site into Japanese.

MyXelf’s picture

I can confirm this patch is working... Thanks!

jmdeleon’s picture

Applied the patch, and it is generally working -- there is one exception: the single-quote character (') is being converted to an entity ' in the translated title of a Block display for a View:

http://www.scc.ca/fr/about-scc/publications/criteria-and-procedures/labo...

Running Drupal core 7.14, i18nviews 7.x-3.x-dev (2012-Jan-08) with the patch applied above, and i18n 7.x-1.5 (stable).

webflo’s picture

Status: Active » Fixed

@jmdeleon I can't reproduce your problem. Feel free to open an new issue with some more information how to reproduce ..

Thanks Jose the initial patch looks good.
Commit 059e772 on 7.x-3.x

Thanks!

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.

netsensei’s picture

I'm using:

i18n 1.5 + i18nviews 7.x-3.x-dev

When I try to translate the title of a view, the text fields are disabled with this description: "This string uses the text format. You are not allowed to translate or edit texts with this format."

I'll leave this closed for now, but can someone confirm this issue has to do with the problem I'm encountering? If yes, wouldn't that make i18nviews not really production ready for D7 at the moment? I don't want to install i18n dev just so I can translate a few views titles.

berliner’s picture

Not working for me either. Trying to translate the label of an exposed filter (translated) and seeing the same error as mentioned in #14.
Setup: i18n 7.x-1.4, i18nviews 7.x-3.x-dev

Marko B’s picture

Status: Closed (fixed) » Active

I am having the same problem, but I just uninstalled i18n views and the same problem happens, filters are all enabled and for that text full html filter is used but I get

The submitted string contains disallowed HTML: <div class="more-link"> <a href="dealers">View more</a> </div> <div class="look_dillers"><img src="/sites/all/themes/fusion/fusion_starter/css/img/looking_for_dealers.png" /></div>

this could be something else, running all the lateste stable modules and core.

Marko B’s picture

I just can't translate strings from views with DIV in them, If i remove DIV it works, but i need DIV for CSS positioning and it should work.

kerios83’s picture

Just to inform, with latest:

Drupal 7.18
Internationalization 7.x-1.7
Views translation 7.x-3.x-dev (latest)

I can't translate calendar view MORE text link-> more... to -> davantage.... In English version off the calendar I have -> more... but in French for example -&gt; davantage...

kennedyabitbol’s picture

#14 @netsensei
May sound weird, but i think your problem may come from the attributed text format FILTER_XSS_ADMIN.
To avoid this, you must create a text format named FILTER_XSS_ADMIN, authorized it for translation and flush your cache.

sam.spinoy@gmail.com’s picture

Hello,

I've tried the solution in #19, doesn't work.

benjifisher’s picture

Status: Active » Needs review

I am not sure if this is related to the problem I was having, but here are some more things to try:

  1. Upgrade to Views 7.x-3.6, just released. See Comments 34 and 35 in #1182210: translate views header / footer / Empty - Global: Text area in D7.
  2. Check that you have configured your text formats for translation at admin/config/regional/i18n/strings.
  3. Try a different version of PHP. I had trouble with 5.3.3 but not 5.3.22 nor 5.4.4.