There are some issues with how views and i18n handle text formats and filtering. This is changed in latest i18n dev version, which tries to implement some both more flexible and more consistent text handling, also allowing admin strings (filter_xss_admin).
Related i18n issue (to be released in the next days, so marking this as critical), #1437146: Rework string translation access. (After 1.4 update, block translation disallowed HTML error)
In summary, i18n will allow users with the proper permissions (translate user defined strings, translate admin strings) to enter any text as translation but the counterpart is we need to do a proper filtering of that strings later (before we were using locale_string_is_safe() but not anymore).
Consequences: all i18n strings are now filtered (unlet explicitly not, 'sanitize' => FALSE) and if no format available, they will be run through check_plain(), see also #1361618: HTML (<p>…</p>) visible to users
Since views handling of strings is IMHO a bit flawed (yeah, I know, 'administer views' is a 'special permission'), and also 'translate interface' has became one of that permissions we can somehow ease the requirements on filtering translations, but also we should do some minimal (sometimes best-guess) filtering, we can now use 'filter_xss_admin' with i18n strings.
This patch implements that 'last resource' filtering when there's no text format and runs translations that have no text format through filter_xss_admin() which should, on one side, not apply check_plain() to strings with HTML and on the other side, provide some safety.
Comment | File | Size | Author |
---|---|---|---|
i18nviews_filter_xss.patch | 1.35 KB | Jose Reyero |
Comments
Comment #1
Jose Reyero CreditAttribution: Jose Reyero commentedChange record here, https://drupal.org/node/1534468
Comment #2
mgiffordAre you bringing this into i18n? Need help testing? This is useful context, thanks!
Comment #3
Jose Reyero CreditAttribution: Jose Reyero commented@mgifford,
This is already into i18n (dev) and yes, we'd need some more testing before doing a new i18n release, just to make sure it works with other modules, like this i18nviews.
Comment #4
ptkobe CreditAttribution: ptkobe commentedThank you. I still had to add the patch to i18nviews-7.x-3.x-dev (2012-Jan-08) to make it work (and it did).
I'm using i18n-7.x-1.5.
Comment #5
kerios83 CreditAttribution: kerios83 commentedhttp://drupal.org/node/1526000 -> http://drupal.org/node/1437146 -> here [D7.12 with i18n-7.x-1.5 with latest variable version]
If the file you need to apply the patch is located in modules/i18nviews/includes/i18nviews.views.inc
then this patch isn't working for me: I still get
->
as->
in View: Calendar: Upcoming when I try to translate MORE as -> MORE.When I try to use
<p>MORE</p>
I get exactly the same:<p>MORE</p>
as a input...This is not so important for me cause I can simply use word without a mark.
Comment #6
trigdog CreditAttribution: trigdog commentedApplied the patch. So far so good. HTML elements seem to be rendering now and it seems to have fixed the problem I described here (http://drupal.org/node/1437146#comment-5858182). I am running: i18n 7.x-1.5 and i18nviews 7.x-3.x-dev (2012-Jan-08) + this patch.
@kerios83
It looks like this patch applies to modules/i18nviews/includes/i18nviews_plugin_localization_i18nstrings.inc
Comment #7
kerios83 CreditAttribution: kerios83 commented@trigdog thanks. I have applied the patch in modules/i18nviews/includes/i18nviews_plugin_localization_i18nstrings.inc and download latest i18nviews 7.x-3.x-dev (2012-Jan-08) but it's all the same on my localhost.
Comment #8
mr_carot CreditAttribution: mr_carot commentedThank you very much this patch fixed it for me ... ^__^
I was really afraid that I had to do it without this great module.
Comment #9
Dirk CreditAttribution: Dirk commentedThanks a lot, thanks to this patch i can still translate my site into Japanese.
Comment #10
MyXelf CreditAttribution: MyXelf commentedI can confirm this patch is working... Thanks!
Comment #11
jmdeleon CreditAttribution: jmdeleon commentedApplied the patch, and it is generally working -- there is one exception: the single-quote character (') is being converted to an entity ' in the translated title of a Block display for a View:
http://www.scc.ca/fr/about-scc/publications/criteria-and-procedures/labo...
Running Drupal core 7.14, i18nviews 7.x-3.x-dev (2012-Jan-08) with the patch applied above, and i18n 7.x-1.5 (stable).
Comment #12
webflo CreditAttribution: webflo commented@jmdeleon I can't reproduce your problem. Feel free to open an new issue with some more information how to reproduce ..
Thanks Jose the initial patch looks good.
Commit 059e772 on 7.x-3.x
Thanks!
Comment #14
netsensei CreditAttribution: netsensei commentedI'm using:
i18n 1.5 + i18nviews 7.x-3.x-dev
When I try to translate the title of a view, the text fields are disabled with this description: "This string uses the text format. You are not allowed to translate or edit texts with this format."
I'll leave this closed for now, but can someone confirm this issue has to do with the problem I'm encountering? If yes, wouldn't that make i18nviews not really production ready for D7 at the moment? I don't want to install i18n dev just so I can translate a few views titles.
Comment #15
berliner CreditAttribution: berliner commentedNot working for me either. Trying to translate the label of an exposed filter (translated) and seeing the same error as mentioned in #14.
Setup: i18n 7.x-1.4, i18nviews 7.x-3.x-dev
Comment #16
Marko B CreditAttribution: Marko B commentedI am having the same problem, but I just uninstalled i18n views and the same problem happens, filters are all enabled and for that text full html filter is used but I get
The submitted string contains disallowed HTML: <div class="more-link"> <a href="dealers">View more</a> </div> <div class="look_dillers"><img src="/sites/all/themes/fusion/fusion_starter/css/img/looking_for_dealers.png" /></div>
this could be something else, running all the lateste stable modules and core.
Comment #17
Marko B CreditAttribution: Marko B commentedI just can't translate strings from views with DIV in them, If i remove DIV it works, but i need DIV for CSS positioning and it should work.
Comment #18
kerios83 CreditAttribution: kerios83 commentedJust to inform, with latest:
Drupal 7.18
Internationalization 7.x-1.7
Views translation 7.x-3.x-dev (latest)
I can't translate calendar view MORE text link
-> more...
to-> davantage...
. In English version off the calendar I have-> more...
but in French for example-> davantage...
Comment #19
kennedyabitbol CreditAttribution: kennedyabitbol commented#14 @netsensei
May sound weird, but i think your problem may come from the attributed text format FILTER_XSS_ADMIN.
To avoid this, you must create a text format named FILTER_XSS_ADMIN, authorized it for translation and flush your cache.
Comment #20
sam.spinoy@gmail.com CreditAttribution: sam.spinoy@gmail.com commentedHello,
I've tried the solution in #19, doesn't work.
Comment #21
benjifisherI am not sure if this is related to the problem I was having, but here are some more things to try:
admin/config/regional/i18n/strings
.