weblate
weblate copied to clipboard
Set protected XLIFF tags to read-only in translation frontend
Describe the problem
Our reviewers often edit content in protected XLIFF-tags so that variable names are overlocalized. Shortly this resulted in a heavy manual revert action.
Describe the solution you'd like
I think Weblate should have at least some basic mechanism that the content in protected XLIFF-tags cannot be edited. From a UX perspective the tags should be read only within the editor.
Describe alternatives you've considered
No response
Screenshots
No response
Additional context
No response
Right now, placeables are only highlighted in the editor, and there is a check triggered in case they do not match.
I would support this feature request. For AntennaPod we're using Weblate to translate our website, and there's a link that opens modal (using javascript). For security reasons, we would prefer to disallow translators to edit this link.
This issue has been added to the backlog. It is not scheduled on the Weblate roadmap, but it eventually might be implemented.
In case you need this feature soon, please consider helping or push it by funding the development.
@keynes This can be partly addressed by https://docs.weblate.org/en/latest/user/checks.html#unsafe-html, but it will not prohibit editing the link.
Thanks for the tip @nijel. I'm afraid that it seems that the setting the safe-html
flag won't work for us as we need the data-toggle
and data-target
attributes in our tag to display the modal. These values don't seem to be in Bleach's default allow-list, and I suppose they aren't (and won't be) white-listed on Weblate hosted (nor would I expect us to be able to set Bleach options in Weblate).
So I think the only security would be to protect tags from editing completely. (But please do correct me if I'm wrong.)
Hi @rsr-cs, Weblate offers the option to fund development to get new functionality and enhancements implemented. Would you (your organisation) be interested in co-funding this? If potentially yes, please don't hesitate to drop me a line via [my username] at mailbox.org.
Hi @keunes, we would be interested in co-funding this :-)
@nijel: what would be the procedure? We have anyway a call planned to discuss the current and future activities.
The safe-html
extracts tags and attributes from the source and allows these. So, the translated HTML cannot contain attributes not present in the source. Still, it does not prohibit translating the content of the attributes...