Error message bundles (internationalization)
Opened this issue · 4 comments
GoogleCodeExporter commented
What steps will reproduce the problem?
1. Deploy antisamy e.g. in an application server
2. Set the locale of the application server e.g. to en_US
What is the expected output? What do you see instead?
Error messages should be in the locale of the user, not in the locale of
the server.
What version of the product are you using? On what operating system?
The problem still exists in the current version:
http://owaspantisamy.googlecode.com/svn/trunk/Java/current/JavaSource/org/owasp/
validator/html/scan/AntiSamyDOMScanner.java
Revision: 137
Please provide any additional information below.
The 'locale' field is private and can't be changed. It is set to
Locale.getDefault(). There should be a way to configure this (individually
for each scan).
There should also be a possibility to configure the resource bundle name,
to make it possible for the application to provide the bundles, instead of
using the bundles provided by the antisamy jar.
But actually, this can be done achieved lot easier and better:
I think the ideal solution would be if the CleanResults class didn't
contain the errorMessages as Strings at all. It could instead hold a list
of ValidationMessages like this:
public class ValidationMessage {
...
private String messageKey;
private Object[] arguments;
...
}
This would be a very easy change, because only the few calls to
errorMessages.add(...) would have to be changed.
This would allow the user of antisamy to do with the messages what they
want. So it would be possible to log them on the server in English, but
send them to the user in Spanish.
Original issue reported on code.google.com by chris.lercher
on 20 Feb 2010 at 2:42
GoogleCodeExporter commented
Original comment by arshan.d...@gmail.com
on 8 Mar 2010 at 5:21
- Changed state: Accepted
- Added labels: Type-Enhancement
- Removed labels: Type-Defect
GoogleCodeExporter commented
Original comment by arshan.d...@gmail.com
on 8 Mar 2010 at 5:21
GoogleCodeExporter commented
I tried to implement the solution with a custom ValidationMessage object like
suggested before. But there was a few places (especially when
CssHandler/CssScanner is involved) where it will include a bit more then just
adjust a few errorMessages.add() calls ...
So for now i decided to only implement fairly simple solution to allow scans
with a user provided locale. I introduced a new constructor in the
AntiSamy.class with a Locale parameter. This locale will be used by the Scanner
classes (if no locale provided by the user Locale.getDefault() will be used).
The patch also merge the content from country specific
(AntiSamy_<lang>_<country>) to only language specific files (AntiSamy_<lang>)
because i see no difference in the content for the different countries. This
will be easier to maintain and more important allow fallbacks to the language
specific file if a country specific file for a given locale not exists.
Example:
locale (en) is used and there only exists a country specific file (en_US, en_GB
...)
the default locale (Locale.getDefault()) will be used as fallback.
See ResourceBundle.getBundle() javadoc for a detailed description for the used
search strategy.
Original comment by lucag...@gmx.de
on 18 Aug 2011 at 9:36
Attachments:
GoogleCodeExporter commented
The patch here while a few years old still looks pretty good to me. We are
using antisamy in an LMS (Sakai) and different languages are expected on a per
user and site basis. It would be great if we had this so that the users were
able to override the system default language.
Original comment by matt...@longsight.com
on 27 Feb 2014 at 11:34