[wp-trac] [WordPress Trac] #61065: Ensure URLs are not translated to maintain security and accuracy in localization
WordPress Trac
noreply at wordpress.org
Wed Apr 24 09:37:58 UTC 2024
#61065: Ensure URLs are not translated to maintain security and accuracy in
localization
-----------------------------+----------------------
Reporter: akshay.shah5189 | Owner: (none)
Type: enhancement | Status: closed
Priority: normal | Milestone:
Component: I18N | Version: 6.5
Severity: normal | Resolution: wontfix
Keywords: | Focuses:
-----------------------------+----------------------
Changes (by swissspidy):
* keywords: i18n security urls translation =>
* status: new => closed
* resolution: => wontfix
* milestone: Awaiting Review =>
Comment:
Hi there and welcome to WordPress Trac!
The reason all of these URLs are translatable is because these pages are
available in many different locales.
For example, the de_DE version of https://wordpress.org/about/ can be
found at https://de.wordpress.org/about/.
It's important for de_DE users to have links to de_DE pages, not just the
default en_US page.
> Localization Problems: URLs should remain constant across all languages.
> Translating them could lead to broken links if translators inadvertently
> change the URL structure.
As per my example above, URLs can and will be different depending on the
locale, that's why they need to be translatable.
> Security Concerns: Translating URLs might expose the site to
> manipulation if the translation files are compromised.
If your files are compromised then you have bigger problems, as a
malicious actor could just change ''any'' of the translated strings.
WordPress trusts translations coming from translate.wordpress.org, which
is why translations are not escaped or anything. It also trusts
translators to put in the correct URLs when translating those.
> Performance Overhead: Including URLs in translatable strings increases
> the complexity and size of translation files unnecessarily.
There is really no overhead because of a few more translatable strings. It
does not make a difference.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/61065#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
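
A site owner who wants to check a language pack rather than rely only on the trust described in the comment above can audit its translated URL strings before deployment. This is an added example, not part of the ticket or of WordPress core; the policy (a translated URL must be https and stay on wordpress.org or a subdomain), the function names and the sample entries are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample entries, not taken from a real language pack.
SAMPLE_PO = '''
msgid "https://wordpress.org/about/"
msgstr "https://de.wordpress.org/about/"

msgid "https://wordpress.org/support/"
msgstr "http://de.wordpress.org/support/"

msgid "https://wordpress.org/download/"
msgstr "https://wordpress.org.example.net/download/"

msgid "Hello"
msgstr "Hallo"

msgid "https://wordpress.org/plugins/"
msgstr ""
'''

# Single-line msgid/msgstr pairs only; enough for URL strings.
ENTRY = re.compile(r'^msgid "(.*)"\nmsgstr "(.*)"$', re.MULTILINE)

def parse(url):
    """Return (scheme, hostname), or (None, None) if the URL cannot be parsed."""
    try:
        parts = urlsplit(url)
        return parts.scheme, parts.hostname
    except ValueError:
        return None, None

def on_domain(host, base):
    """True if host is base itself or a subdomain of it (suffix match on a dot)."""
    return host is not None and (host == base or host.endswith("." + base))

def audit_translated_urls(po_text, base="wordpress.org"):
    """Return (msgid, msgstr, reason) for URL translations that violate the policy."""
    findings = []
    for msgid, msgstr in ENTRY.findall(po_text):
        src_scheme, src_host = parse(msgid)
        if src_scheme not in ("http", "https") or not on_domain(src_host, base):
            continue  # source string is not a URL on the audited domain
        if not msgstr:
            continue  # untranslated: gettext falls back to the msgid
        scheme, host = parse(msgstr)
        if scheme != "https":
            findings.append((msgid, msgstr, "not a valid https URL"))
        elif not on_domain(host, base):
            findings.append((msgid, msgstr, "host outside " + base))
    return findings
```

The locale-specific link from the comment (`https://de.wordpress.org/about/`) passes, because the host comparison is a dot-anchored suffix match rather than a substring test.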