BuddyPress.org

Opened 4 years ago

Closed 3 years ago

#6656 closed enhancement (no action required)

escape translations

Reported by: DJPaul
Owned by:
Milestone:
Priority: normal
Severity: normal
Version:
Component: I18N
Keywords:
Cc:

Description

I'm proposing that for 2.5 onwards, we treat all (new) translations as untrusted from now on.

For BuddyPress, we've always known who the translator validators are, because it's the same people who do that for WordPress, and we have a lot of trust and faith and appreciation in them.

Now that other plugins are on the WordPress.org translation platform, and that each plugin can have its own validators added for a specific language without any further community oversight, the risk of someone sneaking something mischievous into any plugin (via a bad translation) is higher. Certainly for any new plugins that I write, the translations will be escaped to cover this -- just in case.

As I don't think BuddyPress should exist on an island by itself when it comes to best practices, and because I think we are able to (and should) contribute to a mindset shift in the plugin community, I'm suggesting we gradually introduce escaping into BuddyPress strings from 2.5 onwards. For example, replacing _e with esc_html_e, and so on.
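
The change proposed in the description, as an added example (not code from this ticket or from BuddyPress): one button label rendered the way `_e` would print it and the way `esc_attr_e` / `esc_html_e` would. `demo_translate`, `demo_escape`, the two render functions and the language-pack entries are constructed stand-ins so the script runs outside WordPress.

```php
<?php
// Constructed sample language pack (msgid => msgstr); not real BuddyPress strings.
$pack = array(
    // Benign translation.
    'Members' => 'Mitglieder',
    // Constructed hostile entry: closes the attribute and tag, then adds markup.
    'Add Friend' => 'Freund hinzufügen"><script>alert(1)</script>',
    // Legitimate translation that carries markup on purpose.
    '<strong>Note:</strong> saved.' => '<strong>Hinweis:</strong> gespeichert.',
);

// Hypothetical stand-in for __(): return the msgstr, or the msgid if untranslated.
function demo_translate( $msgid, array $pack ) {
    return isset( $pack[ $msgid ] ) ? $pack[ $msgid ] : $msgid;
}

// Approximates esc_html() / esc_attr(): encodes & < > " ' and leaves
// existing entities alone (double_encode = false).
function demo_escape( $text ) {
    return htmlspecialchars( $text, ENT_QUOTES, 'UTF-8', false );
}

// Old pattern, equivalent to _e(): translator-supplied markup reaches the page as markup.
function render_unescaped( $msgid, array $pack ) {
    $t = demo_translate( $msgid, $pack );
    return '<button title="' . $t . '">' . $t . '</button>';
}

// Proposed pattern, equivalent to esc_attr_e() in the attribute and esc_html_e() in the body.
function render_escaped( $msgid, array $pack ) {
    $t = demo_escape( demo_translate( $msgid, $pack ) );
    return '<button title="' . $t . '">' . $t . '</button>';
}

foreach ( array_keys( $pack ) as $msgid ) {
    echo 'msgid:     ' . $msgid . "\n";
    echo 'unescaped: ' . render_unescaped( $msgid, $pack ) . "\n";
    echo 'escaped:   ' . render_escaped( $msgid, $pack ) . "\n\n";
}
```

The third entry shows the trade-off: once escaped, a translation that legitimately contains markup is displayed with literal tags, so such strings need an allow-list filter such as `wp_kses()` rather than `esc_html()`.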

Change History (7)

#1 @ramiy
4 years ago

It's a very good idea!

I can help with the code and the patches.

#2 in reply to: ↑ description @SergeyBiryukov
4 years ago

Replying to DJPaul:

> Now that other plugins are on the WordPress.org translation platform, and that each plugin can have its own validators added for a specific language without any further community oversight, the risk of someone sneaking something mischievous into any plugin (via a bad translation) is higher.

It should be noted that plugin authors cannot add validators themselves; the process still requires an action from global translation editors for the locale.

All translation warnings (extra tags, etc.) are logged into the #polyglots-warnings Slack channel and reviewed.

#3 @DJPaul
4 years ago

  • Milestone changed from Awaiting Review to Under Consideration

#4 @DJPaul
3 years ago

  • Type changed from idea to enhancement

#5 @DJPaul
3 years ago

  • Component changed from Locale - i18n to I18N

#6 @DJPaul
3 years ago

  • Milestone changed from Under Consideration to Awaiting Review

#7 @DJPaul
3 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to invalid
  • Status changed from new to closed

This report has had no traction so I'm closing it.
