You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When translating complex pages on a website, we ran into a problem where we have variable content that contains HTML markup, that is passed as l10-n-args attribute values in the DOM. This content is fro a trusted/vetted source, so we don't need the sanitizeArgs escaping. However, there doesn't seem to be a way to avoid it. Since the args are sanitized when the keys are fetched from context, before they are passed to translation, I don't see a way to add a special TrustedText type. I was considering a builtin function HTML() or some such that would reverse the santiizeArgs replacements.
The text was updated successfully, but these errors were encountered:
@stasm - was it a deliberate choice to not let args be passed unsanitized? I remember some conversation about it during the security review, but I do not remember the outcome.
When translating complex pages on a website, we ran into a problem where we have variable content that contains HTML markup, that is passed as l10-n-args attribute values in the DOM. This content is fro a trusted/vetted source, so we don't need the sanitizeArgs escaping. However, there doesn't seem to be a way to avoid it. Since the args are sanitized when the keys are fetched from context, before they are passed to translation, I don't see a way to add a special TrustedText type. I was considering a builtin function HTML() or some such that would reverse the santiizeArgs replacements.
The text was updated successfully, but these errors were encountered: