i am using the XHTML module from po4a, and i would like to specify
attributes that i don't want to be translated.
i do know about the "untranslated" option, which i already use in some
places, but that option only applies to tags. here i would like to ignore
modifications done by translators on attributes of an inline tag.
example: the text "abc <a href=\"file.html\" target=\"_blank\"
title=\"link-name\"> def". as of now, the text appears as is in the .pot
file, and if a translator mistakenly translates \"file.html\" into
\"translated_name.html\", then the link will point to a non-existing page.
when a translator translates that text to "abc_translated <a
title=\"link-name_translated\"> def_translated", i would like modifications
to the "href" and "target" attributes to be ignored. or as an alternative
solution, simply exit po4a with an error stating that the translation file
i assume there is no current way of doing it; i could try, but i don't know
Perl much and even less po4a. i have noticed the recent work on the XHTML
module (thanks for <br> and <u>, much appreciated!), so i was hoping a po4a
maintainer could give this a try.
otherwise, i would like pointers on where to start...
in the process of writing a translation plugin for ikiwiki,
using po4a, we wondered how safe it was to run po4a on
untrusted content. Hence the following questions.
(You might need to know, in order to provide an accurate answer, that
we actually don't use /usr/bin/po4a* at all, but rather the
Locale::Po4a Perl module.)
Was po4a designed with "processing safely on untrusted content" as
a goal? If not, do you consider it is now achieved as a side effect?
About the external dependencies:
- I could not find any command execution in Locale::Po4a, did I miss
- The first glance makes me think that Locale::gettext is used only to
display translated messages; can you please confirm this?
- Amongst the dependencies (I could quickly list DynaLoader, Encode,
Encode::Guess, Text::WrapI18N, Locale::gettext), is there one (or
more) that you know to be unsafe to process untrusted content?
- What about the msgmerge command, that po4a command-line programs
use, as well as this ikiwiki plugin?
Was the full code checked for symlink attacks when CVE-2007-4462
Was po4a tested with a fuzzing program? Would you be interested in the
results if I did this?
Hi, we are starting translation in spanish the documentation of
PostgreSQL. When execute this
usuario@machine: po4a-gettextize -M utf8 -f sgml -m array.sgml -p
nsgmls:<OSFD>0:3:0:E: no document type declaration; will parse without
this error, and not continue.
The documentation is here . Thanks in advance
 git clone git://git.postgresql.org/git/postgresql.git
La razón siempre ha existido, pero no siempre en una forma razonable.