Are online html formatter safe

12/11/2023

Unbalanced tags result in ineffective code that lowers performance. Balancing them helps the code run efficiently and give significant output. To repair your HTML file and fix missing information, access our tool today, absolutely free with quick results.

FAQ: How do I enter a link (or other HTML formatting) into a translation?

The short answer is "you just type the code into the editor". Loco Translate doesn't care whether your translation is HTML or plain text, or if it's complete nonsense. If you can type it, the editor will save it.

The longer story is that this probably won't work unless the developer has allowed it.

As a general rule, if the source text isn't HTML then the translation probably shouldn't be HTML either. If you try to add it anyway you're very likely to run into a problem, because the code author is probably preventing unwanted HTML from being injected into their pages.

It's fundamentally insecure to display unsanitized HTML code from an untrusted source (which is what your translations are). So for security and simplicity the majority of localized strings in WordPress are expected to be plain text and will be escaped before they're displayed on your page.

Let's look in detail at what this means for adding formatting to translations.

Suppose you have some text in your theme's footer that looks like this when rendered in the browser:

And let's say you want it to display with a nice clickable link instead:

As far as Loco Translate is concerned you can just type HTML into the translation editor, like this:

You don't have to enable the code view as shown here. It doesn't change the content of your translation in any way, it just highlights the code so you can read it better.

To your dismay, the footer now shows the actual code you typed in, or possibly some other problem like the formatting being stripped out.

If you see the code, it will be because the developer has done something like this in the theme code where the translation is displayed:

```php
echo esc_html( __( 'Design by WickedCoolThemes Inc.', 'some-wicked-cool-theme' ) );
```

Their use of the esc_html function has escaped the text, and tells us they are not allowing HTML to be rendered here.

There are many possible variations of this code. For example, the esc_html_e function is a shortcut that does the same three things as the above. It translates, then escapes, then prints.

Critically, this causes any HTML code already in your translation to be escaped also. Which is why you see text as if it was your original HTML code.

You can learn more about these techniques in the WordPress documentation.

You can try asking them to enable HTML formatting on a particular string in their next release. If your request is reasonable they might oblige. But if you want to add tags all over their design, or inject tags into their admin pages they will probably refuse.

The code from our simple example above could be re-written as follows:

```php
// The second argument lists the only markup allowed through: simple links.
echo wp_kses( __( 'Design by WickedCoolThemes Inc.', 'some-wicked-cool-theme' ), [ 'a' => [ 'href' => true ] ] );
```

Using wp_kses instead of esc_html allows simple links in the translation, while still protecting from other unwanted code.

The developer may be happy to implement something like this if you ask them nicely.

If your boss/client/nemesis has insisted you fix this, your only option is to interfere with the sacred esc_html function. That means writing some code to filter any text that passes through it.

WordPress has a very useful function called wp_kses that allows a subset of HTML to be rendered, while escaping anything else.
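One way to write the esc_html filter described above, as an added example that is not code from the original page or from Loco Translate. It assumes the theme prints the footer string with esc_html() or esc_html_e(); the function name `example_allow_footer_link` is hypothetical, and the string and text domain are the ones used in the page's example.

```php
<?php
/**
 * Added example: let ONE translated string keep a simple link even though
 * the theme passes it through esc_html(). Place in a small custom plugin.
 * The function name is hypothetical; adjust the string and text domain to
 * match your theme.
 */
add_filter( 'esc_html', 'example_allow_footer_link', 10, 2 );

/**
 * @param string $safe_text The text after esc_html() has escaped it.
 * @param string $text      The original text handed to esc_html().
 * @return string
 */
function example_allow_footer_link( $safe_text, $text ) {
	static $translated = null;

	// Look up the translation once. __() does not call esc_html(),
	// so this cannot re-enter the filter.
	if ( null === $translated ) {
		$translated = __( 'Design by WickedCoolThemes Inc.', 'some-wicked-cool-theme' );
	}

	// Every other string on the site stays fully escaped. Matching the exact
	// translated text keeps the exception as narrow as possible.
	if ( $text !== $translated ) {
		return $safe_text;
	}

	// Allow only <a href="...">, and only http/https URLs. Any other tag or
	// attribute in the translation is removed by wp_kses().
	return wp_kses(
		$text,
		[ 'a' => [ 'href' => true ] ],
		[ 'http', 'https' ]
	);
}
```

Because translations are untrusted input, keep the allow-list this small; widening it to more tags or attributes widens what a modified translation file can put on the page.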