TRANS function with parameters for escaping quotes #7107
Comments
We're open to pull requests.
I didn't find the pull. So this is what I did to resolve my problem with quotes and apostrophes. I wrote two new functions, which extend the regular trans(): I keep a few simple rules to localize my app:
My code (I am not a guru, but still it's working :) ):
if ( ! function_exists('trans1'))
}
if ( ! function_exists('trans2'))
The good thing is that you can use these functions with arguments in random order, like:
What I meant was you can send a pull. :)
The following characters could interfere with an HTML or JavaScript parser and should be escaped in string literals: <, >, ", ', , and &. If a translator writes some of them in lang files, it would be a problem.
We have to protect ourselves against these chars. It would be great if we could use additional arguments (flags) like this:
trans('file.str1', EscApos) //EscApos - escape apostrophe
trans('file.str1', EscQuot) // EscQuot - escape double quote
trans('file.str1', EscLtBt) // replace less than and greater than with HTML entities <
Now you may say - just escape it in lang files. OK, but if I am using the services of other translators (if I'm not translating my files), they may make fatal mistakes. I could tell them to escape double quotes or single quotes every time and even to do automatic checks, but it's more complicated - sometimes they have to escape a double quote, sometimes a single quote (apostrophe), it depends on context. So, I think the correct place to do escaping is when we output the string with the trans() function; we will set up an additional argument depending on context. Translators will not care about that.
We may use a custom escaping function like this: EscQuot(trans('file.str1')) or
override the trans() function like this:
transEscQuot('file.str1')
It's not a good decision to replace quotes with HTML entities in the lang file like this:
'str1'=>'What's up?'
because this will give us an error:
I am not sure which one is the best approach.
The best would be if the framework escaped these chars automatically depending on context; I'm not sure if this is possible.
You may consider my ideas for future versions of Laravel.
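The output-time, context-dependent escaping requested in the issue above, as an added PHP example that is not part of the original issue and is not Laravel's API. The helper `trans_for()`, its context names (`html`, `js`, `js_attr`) and the sample lang line are hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed lang line, as a translator might deliver it unescaped.
$lines = ['file.str1' => "What's up, \"friend\"? <b>Tom & Jerry</b>"];

/**
 * Hypothetical helper (not Laravel's trans()): look up a line and escape it
 * for the place it will be written to.
 */
function trans_for(array $lines, string $key, string $context): string
{
    $text = $lines[$key] ?? $key; // missing line: fall back to the key itself

    // JSON_HEX_* turns <, >, &, ' and " into \uXXXX escapes, so the literal
    // cannot close a <script> block or the surrounding JS string.
    $jsFlags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
             | JSON_THROW_ON_ERROR;

    switch ($context) {
        case 'html': // element content or a quoted attribute value
            return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        case 'js': // complete JS string literal (quotes included) inside <script>
            return json_encode($text, $jsFlags);
        case 'js_attr': // JS literal inside an HTML event-handler attribute
            return htmlspecialchars(json_encode($text, $jsFlags), ENT_QUOTES, 'UTF-8');
        default:
            throw new InvalidArgumentException("Unknown context: {$context}");
    }
}

// The same translator-supplied line written into three different contexts.
echo '<p title="', trans_for($lines, 'file.str1', 'html'), '">',
     trans_for($lines, 'file.str1', 'html'), "</p>\n";
echo '<script>var msg = ', trans_for($lines, 'file.str1', 'js'), ";</script>\n";
echo '<a href="#" onclick="alert(', trans_for($lines, 'file.str1', 'js_attr'), ')">x</a>', "\n";
```

The lang file stays free of entities and backslashes; only the call site knows the context, which is why the `js_attr` case needs both encodings applied in that order.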