Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

i18n: Decode entities in translated text #5490

Closed
wants to merge 2 commits into from
Closed

Conversation

aduth
Copy link
Member

@aduth aduth commented Mar 8, 2018

Cherry-picks 748e046 from #5481

This pull request seeks to decode entities in a string. Since React will double-escape entities in strings, these entity sequences are currently being shown verbatim.

Before After
Before After

Code implementation notes:

Due to cherry-picking (to take advantage of centralized dcnpgettext), review attention should be focused primarily on d372392. #5481 can be considered a blocker if necessary.

Testing instructions:

Verify that with German language configured (and the corresponding Gutenberg language pack downloaded), the publish button shows decoded entities.

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
@aduth aduth added the Internationalization (i18n) Issues or PRs related to internationalization efforts label Mar 8, 2018
@aduth
Copy link
Member Author

aduth commented Mar 13, 2018

I had reflected on this at #4933 (comment) . This is certainly a bug that needs to be fixed, but blanket decoding entities from translated strings may be worrisome in the context of some JavaScript usage in potentially enabling some forms of XSS.

@jahvi jahvi mentioned this pull request Mar 13, 2018
3 tasks
@aduth
Copy link
Member Author

aduth commented Apr 3, 2018

@aduth
Copy link
Member Author

aduth commented Apr 3, 2018

This issue will need to be addressed, but there is not a clear path forward from here.

@aduth aduth closed this Apr 3, 2018
@aduth aduth deleted the update/i18n-decode branch April 3, 2018 01:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Internationalization (i18n) Issues or PRs related to internationalization efforts
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

1 participant