We are adding more flexible and more consistent filtering of user defined strings translations and dropping for good locale_string_is_safe(), which was not really intended for these strings.
- i18n_string_translate() and all related functions are now filtering translations *always* unless the 'sanitize' = FALSE option is used. The filtering defaults to 'check_plain' so translations with HTML may be displayed as plain texts.
- There's full support for two new 'pseudo-text formats', using the constants: I18N_STRING_FILTER_XSS and I18N_STRING_FILTER_XSS_ADMIN, that can be used as 'format' parameter for strings. These will run translations through the corresponding filtering function.
Two new permissions (which in addition to 'translate interface' will allow users to translate different strings):
- Translate user defined strings Generic permission required to translate any user defined string.
Translate admin strings, required for translating strings filtered through filter_xss_admin() ('format' = I18N_STRINGS_FILTER_XSS_ADMIN)
Thus, no more validation of translations when saved, but better run-time filtering before displaying them.