bug-gettext
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [bug-gettext] picking strings to translate from a program's output

From: Bruno Haible
Subject: Re: [bug-gettext] picking strings to translate from a program's output
Date: Thu, 02 May 2019 17:02:00 +0200
User-agent: KMail/5.1.3 (Linux/4.4.0-141-generic; KDE/5.18.0; x86_64; ; ) 
Hi Egmont,

> The developer of a well-written code takes care of sanitizing
> untrusted source ...
> 
> And if the code does it along the lines of
> 
>     printf(sanitize(_("Cannot remove file %s\n"), filename));
> 
> then the hyperlink trick will fail.

Oh, I see now what you meant.

Frankly, I've rarely seen programs do a sanitize between gettext()
and printf(). Rather, sanitizing is more often done on the untrusted
input itself, at the moment it gets assigned to a variable (i.e.
here:
  filename = sanitize (...).)

And I've seen programs which merge gettext() and fprintf() into a
single function.

> That is, the hyperlink trick for translating isn't transparent.

Still, it requires much less code modifications that the earlier
approach I had in mind.

> And this latter design pattern becomes more problematic if the code is
> generic enough so that at the time of the construction of the message
> it's not yet known where it will be sent to. E.g. if you have these
> two methods split out:
> 
>     string construct_remove_error_message (string filename) {
>         return _("Cannot remove file %s", filename);
>     }
> 
>     deliver_message (string message) {
>         if (blah)
>             printf("%s\n", message);
>         elif (baz)
>             send_to_log(message);
>         elif (html)
>             add_to_dom(message);
>         ...
>     }
> 
> then I can't see where/how to add sanitization and in the mean time
> keep the hyperlink trick working.

filename = sanitize (...).

> I believe that for ncurses or similar interactive apps it's more
> important to see the messages in their exact context, whereas for
> coreutils and friends I would guess that doing a linear translation
> does a pretty good job – is it not the case?

Strings in programs with a UI probably have more "context" than strings
in coreutils, for example. Indeed. Still my feeling would be that the
even coreutils strings have some context (which program? in which situation?
in handling which command-line option?), and therefore the proposed
translate-in-context feature would be useful for coreutils as well.

> Just wondering, are you (or someone else here) actually planning to
> implement it to give it a try? Would indeed be nice to have real life
> feedback. Or is it just the idea that you shared with us, at least for
> the time being?

I'm definitely planning to implement it, yes.

I started this thread in order to
  - let you know there's some more use-case that you can add to your
    github gist, for advocavy purposes,
  - point out that there is a case where push/pop semantics for the
    hyperlink escape sequence would have some advantage,
  - collect feedback from translators in advance. Haven't gotten
    translator feedback so far; therefore I'll likely ask on the
    French translators list as well.

Bruno
reply via email to
[Prev in Thread] Current Thread [Next in Thread]