What steps will reproduce the problem?
1. Deploy antisamy e.g. in an application server
2. Set the locale of the application server e.g. to en_US
What is the expected output? What do you see instead?
Error messages should be in the locale of the user, not in the locale of
the server.
What version of the product are you using? On what operating system?
The problem still exists in the current version:
http://owaspantisamy.googlecode.com/svn/trunk/Java/current/JavaSource/org/owasp/
validator/html/scan/AntiSamyDOMScanner.java
Revision: 137
Please provide any additional information below.
The 'locale' field is private and can't be changed. It is set to
Locale.getDefault(). There should be a way to configure this (individually
for each scan).
There should also be a possibility to configure the resource bundle name,
to make it possible for the application to provide the bundles, instead of
using the bundles provided by the antisamy jar.
But actually, this can be done achieved lot easier and better:
I think the ideal solution would be if the CleanResults class didn't
contain the errorMessages as Strings at all. It could instead hold a list
of ValidationMessages like this:
public class ValidationMessage {
...
private String messageKey;
private Object[] arguments;
...
}
This would be a very easy change, because only the few calls to
errorMessages.add(...) would have to be changed.
This would allow the user of antisamy to do with the messages what they
want. So it would be possible to log them on the server in English, but
send them to the user in Spanish.
Original issue reported on code.google.com by
chris.lercheron 20 Feb 2010 at 2:42