Vulnerability in EPiServer.Forms
Using the XML path to translate text works fine, when embedding resource in VS. Is it possible to point at an externally hosted XML file with correct or even added translatations?
Yes it is possible, you just need to use another provider: https://world.episerver.com/documentation/developer-guides/CMS/globalization/localizing-the-user-interface/
you can even use XPath backed by database ;)
Thank you, But my question is how do I point to another translation from/to an Add-On? So if I for instance would like to have it on a external CDN or similar?
How do you imagine to use this from the add-on? From dojo or from C# code?
I think from dojo, you could have a js that you load as a dependency, take a look at this, I am loading a css, I don't know if js would be considered as a security issue: https://github.com/mariajemaria/FontAwesomeIconsDropdown/blob/master/ClientResources/Scripts/Editors/AwesomeSelectionEditor.js
I would then at least consider how to workaround origin subresouce integrity for this case :) otherwise, as you said - it's security issue.
The reason was actually most from the admin section, if we on the "fly" want to alter some text then it could be good to have it placed externally and then pull relevant text on load
If you wanna change texts on fly, then I would look at for instance database driven localization provider (instead of xml files).