Anwiki CMS

Anwiki CMS : the first wiki/CMS dedicated to multilingual contents
| Tasklist |

FS#150 - HTML entities escaped twice in translation action strings

Attached to Project: Anwiki CMS
Opened by Wladimir Palant (trev) - Monday, 13 December 2010, 17:05 GMT
Last edited by anw (anw) - Sunday, 20 February 2011, 21:12 GMT
Task Type Bug Report
Category Components → Actions
Status New
Assigned To No-one
Operating System All
Severity Low
Priority Normal
Reported Version Anwiki 0.2.5
Due in Version Undecided
Due Date Undecided
Percent Complete 0%
Votes 0
Private No


The buttons in translation action are currently saying "<< Previous translation" and "Next translation >>" - HTML entities have been escaped twice. This is because they are already escaped in the language file - it should be changed into "<< Previous translation" in the language file and leave escaping to the template.

Some other language strings also use escaped entities: nav_latest/nav_previous/nav_next in lastchanges action, notice_reverse in diff action, content field titles in page content class, err_contentfield_string_tags global string. It seems that the templates fail to escape these strings however - it would be nice to get this unified.
This task depends upon

Comment by anw (anw) - Sunday, 20 February 2011, 21:12 GMT
Thanks for the bug report. This is something which will be fixed with the new templating system.
Wouldn't it be better to allow html entities in language files, but not escape it in templates?
Comment by Wladimir Palant (trev) - Monday, 21 February 2011, 06:55 GMT
I think - the fewer exceptions to escaping the better. This is also true in case of translations, if you consistently escape them you won't need to worry that one of your translators hides a <script> tag in his translation and you don't notice.
Comment by Wladimir Palant (trev) - Thursday, 19 May 2011, 10:52 GMT
Here is a partial patch for this issue - fixes escaping for Next/Previous button as well as the lock message.