Replace angle brackets in frontend translations with entity codes
What does this MR do?
Replace the use of angle brackets in the final strings on the HTML todolist. Merging this will mean we can remove the TODO list functionality and can continue to translate all our strings normally.
Both of these strings we tricky to get working, and the approaches were chosen for the following reasons:
Related Issues Box
Replacing the </> with < and > does not work in this scenario because of the way Vue sets attributes on a placeholder text (using setAttribute). The result of the substitution is outputting these strings looking like this:
"or <#issue id&glt;"This is illustrated here: https://jsfiddle.net/rf5esptd/
Replacing these characters with the JS versions of these entities (x3C and \x3E) results in the frontend output being correct. However, the gettext extractor we're using currently un-escapes these characters when collating the PO file, so we still submit < and > for translation. This is a bug/new feature that is in progress here:
- Issue: https://github.com/lukasgeiter/gettext-extractor/issues/36
- PR: https://github.com/lukasgeiter/gettext-extractor/issues/36
For now, as these are only presentation related, I have chosen to extract them from the string and substitute them back in with variables. This should still be safe as we validate that the variable count in the source and translated strings are the same.
Analytics Page
For this string I couldn't find a sensible way to work around using the v-html tag. We need the < sign to go to translation because this symbol is different in some languages (ie currently our translation for this in Japanese is "1 時間未満").
But if we insert this without rendering it as HTML, Vue will escape the code and render it incorrectly. Maybe this is something we can extend GlSprintf helper to handle in the future?
Screenshots
| screen | screenshot |
|---|---|
| related issues |
 
|
| analytics |  |
Does this MR meet the acceptance criteria?
Conformity
-
Changelog entry -
Documentation (if required) -
Code review guidelines -
Merge request performance guidelines -
Style guides -
Database guides -
Separation of EE specific content
Availability and Testing
-
Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process. -
Tested in all supported browsers -
Informed Infrastructure department of a default or new setting change, if applicable per definition of done
Security
If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:
-
~~Label as security and @ mention @gitlab-com/gl-security/appsec~~ -
The MR includes necessary changes to maintain consistency between UI, API, email, or other methods -
Security reports checked/validated by a reviewer from the AppSec team