Problem/Motivation
Recently, in anticipation of the launch of Drupal CMS, I tried to translate all the modules available in the new standard Drupal download into German using localize.drupal.org. In the Leaflet module, I noticed some strings that were rejected when importing, even though they did not contain any syntax errors. What these strings have in common is that they all contain underlined text for which the opening HTML tag '< u >' and its closing counterpart '< /u >' are used.
Could it be that the function locale_string_is_safe and the corresponding XXS filter list, which unfortunately I don't know in which function it is found, do not include the HTML tag for underlining text? The strings in question are, for example,
https://localize.drupal.org/translate/languages/de/translate?page=1&proj...
It would be nice if we could also include this HTML tag in the corresponding lists, as long as it does not contradict what the XXS cross-scripting filter is supposed to contribute in terms of security.
This would ensure that no more errors are displayed when importing correctly formatted translations.
Steps to reproduce
- Install Drupal CORE
- Install the leaflet contributed module
- Add German as second Language in your Installatiion
- update and immport translations
- See current log messages in the reports section
- see import errors of locale
- compare non imported strings they all must contain < u >
Proposed resolution
add the underline html tag to allowd tag list forlocalisazoion import in Drupal
Remaining tasks
change coe
User interface changes
none
Introduced terminology
-
API changes
TBD
Data model changes
TBD
Release notes snippet
TBD