weblate icon indicating copy to clipboard operation
weblate copied to clipboard

Published 20 hours ago verified publisher icon WeblateOrg

Set protected XLIFF tags to read-only in translation frontend

Open rsr-cs opened this issue 2 years ago • 4 comments

Describe the problem

Our reviewers often edit content in protected XLIFF-tags so that variable names are overlocalized. Shortly this resulted in a heavy manual revert action.

Describe the solution you'd like

I think Weblate should have at least some basic mechanism that the content in protected XLIFF-tags cannot be edited. From a UX perspective the tags should be read only within the editor.

Describe alternatives you've considered

No response

Screenshots

No response

Additional context

No response

rsr-cs avatar Jun 23 '22 07:06 rsr-cs

Right now, placeables are only highlighted in the editor, and there is a check triggered in case they do not match.

nijel avatar Jun 28 '22 11:06 nijel

I would support this feature request. For AntennaPod we're using Weblate to translate our website, and there's a link that opens modal (using javascript). For security reasons, we would prefer to disallow translators to edit this link.

keunes avatar Sep 11 '22 20:09 keunes

This issue has been added to the backlog. It is not scheduled on the Weblate roadmap, but it eventually might be implemented.

In case you need this feature soon, please consider helping or push it by funding the development.

github-actions[bot] avatar Sep 12 '22 07:09 github-actions[bot]

@keynes This can be partly addressed by https://docs.weblate.org/en/latest/user/checks.html#unsafe-html, but it will not prohibit editing the link.

nijel avatar Sep 21 '22 11:09 nijel

Thanks for the tip @nijel. I'm afraid that it seems that the setting the safe-html flag won't work for us as we need the data-toggle and data-target attributes in our tag to display the modal. These values don't seem to be in Bleach's default allow-list, and I suppose they aren't (and won't be) white-listed on Weblate hosted (nor would I expect us to be able to set Bleach options in Weblate).

So I think the only security would be to protect tags from editing completely. (But please do correct me if I'm wrong.)

keunes avatar Oct 05 '22 19:10 keunes

Hi @rsr-cs, Weblate offers the option to fund development to get new functionality and enhancements implemented. Would you (your organisation) be interested in co-funding this? If potentially yes, please don't hesitate to drop me a line via [my username] at mailbox.org.

keunes avatar Oct 13 '22 07:10 keunes

Hi @keunes, we would be interested in co-funding this :-)

@nijel: what would be the procedure? We have anyway a call planned to discuss the current and future activities.

rsr-cs avatar Oct 19 '22 15:10 rsr-cs

The safe-html extracts tags and attributes from the source and allows these. So, the translated HTML cannot contain attributes not present in the source. Still, it does not prohibit translating the content of the attributes...

nijel avatar Oct 25 '22 11:10 nijel