Secure Gettext WordPress Plugin
Plugin Description
This plugin ensures that any text coming from a translation file (.po or .mo) is run through an escaping function before it is output to the user.
Escaping refers to the modification of the text so that special control characters do not have an effect (for example < in HTML).
Example: If an original text does not contain HTML, then a translated text should not be allowed to contain HTML either. Thus, an HTML link introduced by a translator should have no effect because this was not intended by the developer.
This plugin is in the proof-of-concept stage. It was created to test whether the escaping of translated text can be handled in a general way, whether it severely affects the performance of a site, and whether it breaks things.
For text without HTML, the text is sent through esc_html(). For text containing HTML tags, it is sent through wp_kses(), which is provided with a list of allowed HTML tags and attributes derived from the original string.
Thus this plugin tries to show a generic way to make sure that translated text is escaped. This is something that can eventually be ported to core.
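One way to implement the check described above as a WordPress filter. This is an added example, not the plugin's own code: the example_ function names are hypothetical, and deriving the allow-list with regular expressions is an assumption about how it could be done.

```php
<?php
// Added illustration, not the Secure Gettext plugin's code.
// All example_* names are hypothetical.

// Build a wp_kses() allow-list from the tags and attributes that the
// developer's original (untranslated) string already contains.
function example_allowed_html_from_original( $original ) {
    $allowed = array();
    // Opening tags only: capture the tag name and its raw attribute text.
    // "a < b" does not match because a letter must follow the "<".
    if ( preg_match_all( '/<([a-zA-Z][a-zA-Z0-9]*)\b([^>]*)>/', $original, $tags, PREG_SET_ORDER ) ) {
        foreach ( $tags as $tag ) {
            $name = strtolower( $tag[1] );
            if ( ! isset( $allowed[ $name ] ) ) {
                $allowed[ $name ] = array();
            }
            // Record attribute names only; values may differ per locale.
            if ( preg_match_all( '/([a-zA-Z][a-zA-Z0-9_-]*)\s*=/', $tag[2], $attrs ) ) {
                foreach ( $attrs[1] as $attr ) {
                    $allowed[ $name ][ strtolower( $attr ) ] = true;
                }
            }
        }
    }
    return $allowed;
}

// Escape one translated string based on what its original permits.
function example_escape_translation( $translation, $original ) {
    $allowed = example_allowed_html_from_original( $original );
    if ( empty( $allowed ) ) {
        // Original has no HTML, so the translation gets none either.
        return esc_html( $translation );
    }
    // Original has HTML: keep only the tags and attributes it used.
    return wp_kses( $translation, $allowed );
}

// The 'gettext' filter passes the translation, the original text and the domain.
function example_filter_gettext( $translation, $text, $domain ) {
    return example_escape_translation( $translation, $text );
}
add_filter( 'gettext', 'example_filter_gettext', 10, 3 );
```

The sketch hooks only the plain gettext filter; context and plural lookups pass through separate filters and would need the same treatment.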