dqw / owaspantisamy

Automatically exported from code.google.com/p/owaspantisamy

Error message bundles (internationalization) #72

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?
1. Deploy antisamy e.g. in an application server
2. Set the locale of the application server e.g. to en_US

What is the expected output? What do you see instead?

Error messages should be in the locale of the user, not in the locale of
the server.

What version of the product are you using? On what operating system?

The problem still exists in the current version:
http://owaspantisamy.googlecode.com/svn/trunk/Java/current/JavaSource/org/owasp/validator/html/scan/AntiSamyDOMScanner.java

Revision: 137

Please provide any additional information below.

The 'locale' field is private and can't be changed. It is set to
Locale.getDefault(). There should be a way to configure this (individually
for each scan).

There should also be a possibility to configure the resource bundle name,
to make it possible for the application to provide the bundles, instead of
using the bundles provided by the antisamy jar.

But actually, this can be achieved a lot easier and better:
I think the ideal solution would be if the CleanResults class didn't
contain the errorMessages as Strings at all. It could instead hold a list
of ValidationMessages like this:

public class ValidationMessage {
   ...
   private String messageKey;
   private Object[] arguments;
   ...
}

This would be a very easy change, because only the few calls to
errorMessages.add(...) would have to be changed.

This would allow the user of antisamy to do with the messages what they
want. So it would be possible to log them on the server in English, but
send them to the user in Spanish.

Original issue reported on code.google.com by chris.lercher on 20 Feb 2010 at 2:42
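
The ValidationMessage idea proposed in the report above, as an added example that is not part of the original issue or of the AntiSamy code base: a finding is stored as key plus arguments and rendered per locale only at output time. The bundle key, the message patterns, the in-memory bundles and every name other than ValidationMessage's two fields are constructed for illustration.

```java
import java.text.MessageFormat;
import java.util.List;
import java.util.ListResourceBundle;
import java.util.Locale;
import java.util.Map;
import java.util.ResourceBundle;

public class ValidationMessageDemo {
    static final Locale SPANISH = Locale.forLanguageTag("es");

    /** Locale-neutral scan finding: a bundle key plus its arguments. */
    static final class ValidationMessage {
        private final String messageKey;
        private final Object[] arguments;

        ValidationMessage(String messageKey, Object... arguments) {
            this.messageKey = messageKey;
            this.arguments = arguments.clone();
        }

        /** Look the key up in the given bundle and format it for that locale. */
        String render(ResourceBundle bundle, Locale locale) {
            // Arguments can echo scanned input; encode the result for the
            // output context (HTML, log line) before writing it anywhere.
            return new MessageFormat(bundle.getString(messageKey), locale).format(arguments);
        }
    }

    // Constructed in-memory bundle; a real application would ship .properties files.
    static ResourceBundle bundle(String pattern) {
        return new ListResourceBundle() {
            @Override protected Object[][] getContents() {
                return new Object[][] {{"error.tag.removed", pattern}}; // hypothetical key
            }
        };
    }

    public static void main(String[] args) {
        Map<Locale, ResourceBundle> bundles = Map.of(
            Locale.ENGLISH, bundle("The {0} tag was removed for security reasons."),
            SPANISH, bundle("La etiqueta {0} fue eliminada por razones de seguridad."));

        // What a scan would collect instead of pre-rendered Strings.
        List<ValidationMessage> findings =
            List.of(new ValidationMessage("error.tag.removed", "script"));

        for (ValidationMessage m : findings) {
            System.out.println("log:  " + m.render(bundles.get(Locale.ENGLISH), Locale.ENGLISH));
            System.out.println("user: " + m.render(bundles.get(SPANISH), SPANISH));
        }
    }
}
```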

GoogleCodeExporter commented 8 years ago

Original comment by arshan.d...@gmail.com on 8 Mar 2010 at 5:21

GoogleCodeExporter commented 8 years ago
I tried to implement the solution with a custom ValidationMessage object as 
suggested before. But there were a few places (especially when 
CssHandler/CssScanner is involved) where it will involve a bit more than just 
adjusting a few errorMessages.add() calls ...

So for now I decided to only implement a fairly simple solution to allow scans 
with a user-provided locale. I introduced a new constructor in the 
AntiSamy.class with a Locale parameter. This locale will be used by the Scanner 
classes (if no locale is provided by the user, Locale.getDefault() will be used).

The patch also merges the content from country-specific 
(AntiSamy_<lang>_<country>) to only language-specific files (AntiSamy_<lang>) 
because I see no difference in the content for the different countries. This 
will be easier to maintain and, more importantly, allows fallbacks to the 
language-specific file if a country-specific file for a given locale does not exist.

Example:
locale (en) is used and there only exists a country-specific file (en_US, en_GB 
...):
the default locale (Locale.getDefault()) will be used as fallback.

See the ResourceBundle.getBundle() javadoc for a detailed description of the 
search strategy used.

Original comment by lucag...@gmx.de on 18 Aug 2011 at 9:36

GoogleCodeExporter commented 8 years ago
The patch here, while a few years old, still looks pretty good to me. We are 
using antisamy in an LMS (Sakai) and different languages are expected on a per 
user and site basis. It would be great if we had this so that the users were 
able to override the system default language.

Original comment by matt...@longsight.com on 27 Feb 2014 at 11:34