By avantix on

Hey guys,

I've been researching and working with Drupal for a couple weeks now, and I'm finally exploring the localization phase. Basically, I wanted to know how one could implement HTML and other defining tags such as links and images into segments of translated text in an effort to match the blocks of the English layout?

For example, let's say I have a block called "News" on the right side area, and it has a linked image below the text in HTML code for the English language version of the site.

Now let's say I wanted to make that text translate into French - when I go to translate the block, it gives me the error "The submitted string contains disallowed HTML."

Is there any way to implement HTML to do this to match my English page version?

Thanks so much for the assistance if so -

Best.

Categories: Drupal 6.x

Comments

bauhaus’s picture

bauhaus commented

Same problem here - The submitted string contains disallowed HTML when trying translate Views Header.
Found very dirty solution - and temporary.

go to includes/locale.inc
cp locale.inc locale.bak
comment out lines 851 to 854 (no more checking for HTML code)
save file

go to admin page / translation page - save your HTML code in - for example Views header

then
mv locale.inc locale.hack --- for future usage
mv locale.bak locale.inc --- now you have original version in place

Really don't like this solution. And don't like whole idea of blocking HTML usage in Views. This should be allowed for admin.

Best.

avantix’s picture

avantix commented

Thanks for the help, bauhaus -
that solution was bomb.

Best.

giginos’s picture

giginos commented

In my drupal 7.8 its on another line number. Just search for method function locale_string_is_safe($string) and add a return true (temporary of course).

Lovelyman’s picture

Lovelyman commented

Thank you for the answers and it works for me.

petrisor.ionel’s picture

petrisor.ionel commented

function locale_string_is_safe($string) {
return decode_entities($string) == decode_entities(filter_xss($string, array('div','a', 'abbr', 'acronym', 'address', 'b', 'bdo', 'big', 'blockquote', 'br', 'caption', 'cite', 'code', 'col', 'colgroup', 'dd', 'del', 'dfn', 'dl', 'dt', 'em', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'hr', 'i', 'ins', 'kbd', 'li', 'ol', 'p', 'pre', 'q', 'samp', 'small', 'span', 'strong', 'sub', 'sup', 'table', 'tbody', 'td', 'tfoot', 'th', 'thead', 'tr', 'tt', 'ul', 'var')));
}

Just add 'div' in this function.
The function is in includes/locale.inc

memoday’s picture

memoday commented

Thank you so much @petrisor.iohttps for this easy and safe fix. Worked perfectly for me.

nickonom’s picture

nickonom commented

Consider using https://www.drupal.org/project/disable_translate_validation instead.

rc_100’s picture

rc_100 commented

I was able to get around this by just disabling the validation handler function with a form_alter (placed in a custom module). Seems to work fine for me:

function MODULENAME_form_locale_translate_edit_form_alter(&$form, $form_state) {
  unset($form['#validate']);
  // could also replace default validation handler function
  // (locale_translate_edit_form_validate) with a modified version.
}

Please note that this is DANGEROUS and will allow translators to submit PHP and HTML via the Translate Interface (it's bypassing a security check built into the Locale module). But if you need it, this is better than hacking core.

hansrossel’s picture

hansrossel commented

or
function MODULENAME_form_i18n_string_locale_translate_edit_form_alter(&$form, $form_state) {

KOBA - Drupal Webdesign & Webdevelopment

Khetam’s picture

Khetam commented

Thanks for help, this solved my issue.

StephanieFuda’s picture

StephanieFuda commented

Thanks! This solved my issue as well

I love Drupal. Always.

sibiru’s picture

sibiru commented

thanks it solved my issue

mayur.pimple’s picture

mayur.pimple commented

This code is working for me.

qiujumper’s picture

qiujumper commented

Thanks,this work for me too!

swafran’s picture

swafran commented

I had the same problem in 7, I made a block per language, and restricted each block to only show up for its language.

alessio_m’s picture

alessio_m commented

Did the same and sort of worked this issue out
Now i just have to write double CSS code…

(just ANOTHER basic Drupal thing that doesn't work, wtf guys…)

subhojit777’s picture

subhojit777
he/him
Primary language Bengali
commented

Theres a simple trick to avoid this error. At first write some dummy data(plain text) in block body and then click "Save and translate". On the translation page write the translated text for title and save it. You wont get any error. Then, configure the block again and this time write the HTML code and just save it. It works!!

Regards,
Subhojit Paul

CanOne’s picture

CanOne commented

http://drupal.org/node/372965#comment-4760426 solved my problem

int_ua’s picture

int_ua commented

And another dirty hack.
I've found the check in Drupal 7 in modules/locale/locale.admin.inc
Temporary changed this function as follows:

function locale_translate_edit_form_validate($form, &$form_state) {
  // Locale string check is needed for default textgroup only.
  $safe_check_needed = $form_state['values']['textgroup'] == 'default';
  /*foreach ($form_state['values']['translations'] as $key => $value) {
    if ($safe_check_needed && !locale_string_is_safe($value)) {
      form_set_error('translations', t('The submitted string contains disallowed HTML: %string', array('%string' => $value)));
      watchdog('locale', 'Attempted submission of a translation string with disallowed HTML: %string', array('%string' => $value), WATCHDOG_WARNING);
    }
  }*/
}
gianfrasoft’s picture

gianfrasoft commented

This solved my problem. Thanks!

But, is this a bug of locale module?

Web Software Engineer at
Insem S.p.A. - www.insem.it

mar111’s picture

mar111 commented

I have done very well your "dirty" solution! thanks ;)

MikaT’s picture

MikaT commented

You can comment out the whole content of the function. No need to leave the

$safe_check_needed = $form_state['values']['textgroup'] == 'default';
there.
Or you could add some security to it by allowing only the main admin to bypass the validation

global $user;
if ((int)$user->uid !== 1) {
  // Locale string check is needed for default textgroup only.
  $safe_check_needed = $form_state['values']['textgroup'] == 'default';
  foreach ($form_state['values']['translations'] as $key => $value) {
    if ($safe_check_needed && !locale_string_is_safe($value)) {
      form_set_error('translations', t('The submitted string contains disallowed HTML: %string', array('%string' => $value)));
      watchdog('locale', 'Attempted submission of a translation string with disallowed HTML: %string', array('%string' => $value), WATCHDOG_WARNING);
    }
  }
}

Even better might be to add a new permission and check that when skipping the validation.

dblais’s picture

dblais commented

You just have to activate it:

admin/config/regional/i18n/strings

David

Robert21’s picture

Robert21 commented

I tried the settings, added the feature of PHP code, but still does not work.
Have any other solution, other than intervention in code?

nicodv’s picture

nicodv commented 
 function YOURMODULE_form_i18n_string_locale_translate_edit_form_alter(&$form, $form_state) {
    unset($form['#validate']);
    // could also replace default validation handler function
    // (locale_translate_edit_form_validate) with a modified version.
  }

read it here

THE VERY LITTLE AGENCY

tomschi’s picture

tomschi commented

that Drupal - after many years - still does not solve Problems but expect that the Users and Administrators should modify code with tricks and dirty hacks (these are not my words!).

This is a security nightmare and annoying because of every update probably overwrites.

It really would help if Drupal solves such bugs:
writing the code to either assign an HTML Filter to the User Interface Strings or to allow to disable the HTML check is an easy task for a daily Drupal Developer.