Escaping string arguments in i18n

Chusslove Illich caslav.ilic at gmx.net
Sun Jun 15 11:43:46 BST 2008


There is a latent problem with string arguments to i18n'd messages: if it
comes from an external source, and contains something than can be
interpreted as a tag, it may loose data or interfere with other markup. E.g.
if there is a placeholder-like substring <...>, and the message is rich
text, this part of the argument will be eaten by Qt. So, string arguments of
unknown composition should always be escaped due to this (e.g. Qt::escape: <
becomes < etc.), but they almost never are.

To "fix" the problem, since current i18n captures its arguments and
interprets < and other stuff in all cases (needs not be rich text), I
thought of automatically escaping string arguments which do not pass
equivalent of Qt::mightBeRichText. And I did, and it seemed to work well.

Then a problem struck in Phonon, where a string was intentionally pieced up
of markup segments not passing Qt::mightBeRichText, to become valid in the
end. So it was correctly pointed to me (by Matthias) that, at the very
least, auto-escaping is compatibility break with 4.0, and that it may be too
surprising and shouldn't be done regardless. So I removed auto-escaping.

Still, yesterday there was again a problem to the contrary, of markup mixup
due to unexpected less-then in a string argument. (The initial auto-escaping
I did was prompted by such after-the-fact discovered issue as well.)

So now I'm at a loss what to do. Do not auto-escape, but instruct people to
manually escape external strings (e.g. every filename), and fix problems as
they appear? Or try auto-escaping again, but with slightly more permissive
detection of rich text (which wouldn't crash the Phonon case, and other
similar to it)?

-- 
Chusslove Illich (Часлав Илић)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part.
URL: <http://mail.kde.org/pipermail/kde-core-devel/attachments/20080615/5bca2718/attachment.sig>


More information about the kde-core-devel mailing list