%% is not properly escaped in the java-printf-format check

[Earthcomputer]

Describe the issue

The java-printf-format check checks whether the source and translation strings have the same number of format arguments. But, %% escapes the % character in Java format strings. Therefore, foo and bar %%s have the same number of format specifiers because the % character before the s is escaped by another % character before it.

However, %% is not recognized as a formatting code (which is later filtered out), and therefore it finds the %s at the end of bar %%s and thinks it is a formatting code which is wrong.

I already tried

• I've read and searched the documentation.
• I've searched for similar filed issues in this repository.

Steps to reproduce the behavior

• Enable the java-printf-format check in a component (or project, or globally)
• Go to a string with no format specifiers, and type %%s into the translation field somewhere
• Save the translation
• Notice that the check erroneously triggers

Expected behavior

Even though it's a bit weird to see strings like %%s in the translation and not source string, this particular check should not trigger

Screenshots

Exception traceback

No response

How do you run Weblate?

Docker container

Weblate versions

• Weblate: 5.8.4
• Django: 5.1.3
• siphashc: 2.5
• translate-toolkit: 3.14.1
• lxml: 5.3.0
• pillow: 11.0.0
• nh3: 0.2.18
• python-dateutil: 2.9.0.post0
• social-auth-core: 4.5.4
• social-auth-app-django: 5.4.2
• django-crispy-forms: 2.3
• oauthlib: 3.2.2
• django-compressor: 4.5.1
• djangorestframework: 3.15.2
• django-filter: 24.3
• django-appconf: 1.0.6
• user-agents: 2.2.0
• filelock: 3.16.1
• RapidFuzz: 3.10.1
• openpyxl: 3.1.5
• celery: 5.4.0
• django-celery-beat: 2.7.0
• kombu: 5.4.2
• translation-finder: 2.19
• weblate-language-data: 2024.14
• html2text: 2024.2.26
• pycairo: 1.27.0
• PyGObject: 3.50.0
• diff-match-patch: 20241021
• requests: 2.32.3
• django-redis: 5.4.0
• hiredis: 3.0.0
• sentry-sdk: 2.18.0
• Cython: 3.0.11
• mistletoe: 1.4.0
• GitPython: 3.1.43
• borgbackup: 1.4.0
• pyparsing: 3.2.0
• ahocorasick_rs: 0.22.1
• python-redis-lock: 4.0.0
• charset-normalizer: 3.4.0
• cyrtranslit: 1.1.1
• drf-spectacular: 0.27.2
• Python: 3.12.7
• Git: 2.39.5
• psycopg: 3.2.3
• psycopg-binary: 3.2.3
• phply: 1.2.6
• ruamel.yaml: 0.18.6
• tesserocr: 2.7.1
• boto3: 1.35.65
• aeidon: 1.15
• iniparse: 0.5
• mysqlclient: 2.2.6
• google-cloud-translate: 3.18.0
• openai: 1.54.5
• Mercurial: 6.8.2
• git-svn: 2.39.5
• git-review: 2.4.0
• PostgreSQL server: 17.2
• Database backends: django.db.backends.postgresql
• PostgreSQL implementation: psycopg3 (binary)
• Cache backends: default:RedisCache, avatar:FileBasedCache
• Email setup: django.core.mail.backends.smtp.EmailBackend: smtp.eu.mailgun.org
• OS encoding: filesystem=utf-8, default=utf-8
• Celery: redis://cache:6379/1, redis://cache:6379/1, regular
• Platform: Linux 5.15.0-117-generic (x86_64)

Weblate deploy checks

System check identified some issues:

WARNINGS:
?: (security.W004) You have not set a value for the SECURE_HSTS_SECONDS setting. If your entire site is served only over SSL, you may want to consider setting a value and enabling HTTP Strict Transport Security. Be sure to read the documentation first; enabling HSTS carelessly can cause serious, irreversible problems.
?: (security.W008) Your SECURE_SSL_REDIRECT setting is not set to True. Unless your site should be available over both SSL and non-SSL connections, you may want to either set this setting True or configure a load balancer or reverse-proxy server to redirect all connections to HTTPS.
?: (security.W012) SESSION_COOKIE_SECURE is not set to True. Using a secure-only session cookie makes it more difficult for network traffic sniffers to hijack user sessions.

INFOS:
?: (weblate.I021) Error collection is not set up, it is highly recommended for production use
        HINT: https://docs.weblate.org/en/weblate-5.8.4/admin/install.html#collecting-errors
?: (weblate.I028) Backups are not configured, it is highly recommended for production use
        HINT: https://docs.weblate.org/en/weblate-5.8.4/admin/backup.html

System check identified 5 issues (12 silenced).

Additional context

No response

[github-actions]

Thank you for your report; the issue you have reported has just been fixed.

• In case you see a problem with the fix, please comment on this issue.
• In case you see a similar problem, please open a separate issue.
• If you are happy with the outcome, don’t hesitate to support Weblate by making a donation.

[AntsyLich]

The fix has resulted in just '%' (e.g. '%s', '%1$s') being escaped on Weblate UI
https://hosted.weblate.org/translate/mihon/mihon/en/?checksum=92d3a688ac87d6e4#history

Related but things like quotation marks are also being escaped alongside letters being removed
https://hosted.weblate.org/translate/mihon/mihon/en/?checksum=3404e518b19e02c7#history

[naveensingh]

@AntsyLich Thanks for reporting!

I can also confirm this issue: https://hosted.weblate.org/translate/fossify/sms-messenger/pl/?checksum=3919ddcf6c6496f5

I was worried all Fossify translations might be currupted but thankfully @Aga-C found this issue.

[nijel]

Thas seems unrelated to this issue, it seems issue in the Android strings parser.

[AntsyLich]

Thanks for clarifying

[nijel]

translate/translate#5450 should fix this.

[naveensingh]

Seems to be fixed now 🎉