Forum .LRN Q&A: Re: Improved translation support

Posted by Lars Pind on

I'm sorry about this.

The decision was mine. There was no public discussion.

The reasons are technical. OpenACS 5.0 has recently completed the the so-called "noquote" project, which aims at ensuring that no HTML slips through the cracks of the user interface. This is a security measure, since if people can get HTML code to execute on your machine, they can potentially either mess up your user interface, cause your browser to crash, or potentially do even nastier things, such as getting access to other web sites you're logged into. It's called cross-site-scripting, and is to be taken quite seriously.

This change closes the very security hole that we were using in translator mode to sneak the "translate this" link into the page.

That, combined with the fact, that translator mode never fully worked, in that from time to time, the translation link would show up as ugly HTML in the page, causing pages to render strangely, made us finally decide to cut it and find a different solution to the problem.

However, dropping killer features is not something we do lightly, nor is it something that makes us happy nor proud.

We were just discussing this, and have an idea for a new approach to this, which may both work with noquote, and work even more reliably than the old solution. We will look into this.