[4.1.0.beta1] I18n Missing Translation Handler doesn't work

[firedev]

I have this initializers/i18n.rb to make sure english missing translation go through:

module I18n
  class MissingTranslationHandler < ExceptionHandler
    def call(exception, locale, key, options)
      if exception.is_a?(MissingTranslation) && I18n.locale == :en
        key
      else
        super
      end
    end
  end
end

I18n.exception_handler = I18n::MissingTranslationHandler.new

Works in Rails 4.0.1 but in Rails 4.1.0.beta link_to helpers are wrapping the link text in .translation_missing.

Update

After reading the release notes for Rails 4.0.2 I've tried the suggested Error Handler: https://groups.google.com/forum/#!topic/ruby-security-ann/pLrh6DUw998 but it simply doesn't work:

require 'i18n' 

# Override exception handler to more carefully html-escape missing-key results. 
class HtmlSafeI18nExceptionHandler 
  Missing = I18n.const_defined?(:MissingTranslation) ? I18n::MissingTranslation : I18n::MissingTranslationData 

  def initialize(original_exception_handler) 
    @original_exception_handler = original_exception_handler 
  end 

  def call(exception, locale, key, options) 
    if exception.is_a?(Missing) && options[:rescue_format] == :html 
      keys = exception.keys.map { |k| Rack::Utils.escape_html k } 
      key = keys.last.to_s.gsub('_', ' ').gsub(/\b('?[a-z])/) { $1.capitalize } 
      %(<span class="translation_missing" title="translation missing: #{keys.join('.')}">#{key}</span>) 
    else 
      @original_exception_handler.call(exception, locale, key, options) 
    end 
  end 
end 

I18n.exception_handler = HtmlSafeI18nExceptionHandler.new(I18n.exception_handler) 

Even if I remove the body of the call method, so it always returns key, translations are wrapped in span.translation_missing anyway.

I have tried to redefine t() helper like this:

def t key
  I18n.t(key, raise: true)
end

The I18n::MissingTranslationData error is raised, but it's not being intercepted by the handler.

I propose to have a ignore_missing_translation=[:en] setting that would simply ignore missing translations for specified locales. After all this is the point of overriding the error handler.

[carlosantoniodasilva]

Have you tested in 4.0.2? Also, which I18n version are you using? Thanks.

[pftg]

Confirmed for rails 4.0.2, i18n is 0.6.9, the same issue happen.

[pftg]

Found that raise set to true as default, instead of passing it to the handler. Working on patch

[pftg]

Sorry, found that this is expected solution, to prevent security bugs. As I got from commit message 0c7ac34:

Stop using i18n's built in HTML error handling.

i18n doesn't depend on active support which means it can't use our html_safe
code to do its escaping when generating the spans.  Rather than try to sanitize
the output from i18n, just revert to our old behaviour of rescuing the error
and constructing the tag ourselves.

Fixes: CVE-2013-4491

You should add option raise: true to handle exception by rails way. I think need to update documentation because of that. So I18n.exception_handler = I18n::MissingTranslationHandler.new is not working from 4.0.2.

[pftg]

Please ignore me, above. I've miss-read the commit code. I assume only rescue_format is dropped off.

[firedev]

I don't get it, how should I do it then? Edge Rails Guides suggest the old way to do it: http://edgeguides.rubyonrails.org/i18n.html#using-different-exception-handlers

PS. The issue appears in 4.0.2, works in 4.0.1.

[firedev]

After reading the release notes I've tried the suggested Error Handler: https://groups.google.com/forum/#!topic/ruby-security-ann/pLrh6DUw998 in 4.0.2 but it simply doesn't work. Even if I remove the body of the call method, so it always returns key, translations are wrapped in span.translation_missing anyway.

Why not make fallback a default behaviour in I18n module?

[pftg]

@firedev to override handler you should use t('.missing', raise: true). Then will be raised exception, which you should handle/catch yourselves.

@NZKoz, I think there is a way to support I18n.exception_handler, should we add patch to return supporting of it, or should this feature be removed, and updated docs that I18n.exception_handler is not working anymore?

/cc @carlosantoniodasilva

[firedev]

@pftg It doesn't work. I mean the I18n::MissingTranslationData error is raised, but it's not being intercepted by the handler.

The whole point of messing with this is to let missing translation slip for I18n.default_locale. What about having this functionality built-in? There is config.i18n.fallbacks = [:en] now, it could be a similar fallback setting for translations.

[fguillen]

Same here:

• Rails: 4.0.2
• I18n: 0.6.9

[fguillen]

@pftg you suggest to add :raise => true in all our I18n.t calls? this is too ugly because normally is all the translations or none.

Also the I18n.exception_handler system makes easier to configure behaviour depending in the environment

[pftg]

@fguillen you are right, I just show that there is for now only this way. I think I saw PR which setup raise: true for all translations. Have you reviewed opened issues/PR?

[fguillen]

@pftg Thanks for the suggestion, I'll take a look.

[fguillen]

Looks like this is the PR: #13832

But I don't know in which version of Rails is it merged.