Add HTML sanitizer for translated message resources

[everettbu]

Test 7

Summary by CodeRabbit

• New Features

  • Added automated verification to ensure only safe HTML is used in message property files, preventing unauthorized or malformed HTML in translations.

• Bug Fixes

  • Corrected pluralization and formatting in several English error messages for more accurate and natural language display.
  • Fixed malformed or inconsistent HTML tags and formatting in multiple localized email and login messages across various languages.
  • Improved clarity and consistency in instructions for TOTP setup by generalizing app recommendations and removing outdated links in several localizations.
  • Corrected minor translation and placeholder issues in various language files.

• Tests

  • Added tests to verify detection of illegal HTML, missing anchors, and HTML usage in message property files.

• Chores

  • Updated dependencies to support HTML sanitization in message verification.

[coderabbitai]

Walkthrough

This update introduces enhanced HTML safety verification for localized property files, adds supporting dependencies, and expands test coverage for message property validation. Numerous localization files are refined for pluralization, HTML correctness, and formatting consistency, with several TOTP and WebAuthn instructions generalized and HTML tags standardized across multiple languages.

Changes

Cohort / File(s)	Change Summary
Theme Verifier: HTML Safety, Dependencies, and Tests misc/theme-verifier/pom.xml, misc/theme-verifier/src/main/java/org/keycloak/themeverifier/VerifyMessageProperties.java, misc/theme-verifier/src/test/java/org/keycloak/themeverifier/VerifyMessagePropertiesTest.java, misc/theme-verifier/src/test/resources/changedAnchor_de.properties, misc/theme-verifier/src/test/resources/changedAnchor_en.properties, misc/theme-verifier/src/test/resources/illegalHtmlTag_en.properties, misc/theme-verifier/src/test/resources/noHtml_de.properties, misc/theme-verifier/src/test/resources/noHtml_en.properties	Adds HTML safety checks to property verification, introduces new dependencies (owasp-java-html-sanitizer, commons-text), and expands tests and test resources for HTML validation and anchor tag correctness.
Pluralization and Formatting: Multivalued Attribute Error js/apps/account-ui/maven-resources/theme/keycloak.v3/account/messages/messages_en.properties, js/apps/admin-ui/maven-resources/theme/keycloak.v2/admin/messages/messages_en.properties, themes/src/main/resources/theme/base/admin/messages/messages_en.properties, themes/src/main/resources-community/theme/base/login/messages/messages_sk.properties, themes/src/main/resources/theme/base/login/messages/messages_en.properties	Refines error messages for invalid multivalued attribute size to use choice format for correct pluralization and updates parameter placeholder syntax.
Localization: TOTP Step 1 Generalization themes/src/main/resources-community/theme/base/account/messages/messages_fi.properties, themes/src/main/resources-community/theme/base/account/messages/messages_lt.properties, themes/src/main/resources-community/theme/base/account/messages/messages_sk.properties, themes/src/main/resources-community/theme/base/account/messages/messages_sv.properties, themes/src/main/resources-community/theme/base/account/messages/messages_zh_CN.properties, themes/src/main/resources-community/theme/base/login/messages/messages_lt.properties, themes/src/main/resources-community/theme/base/login/messages/messages_no.properties, themes/src/main/resources-community/theme/base/login/messages/messages_sk.properties, themes/src/main/resources-community/theme/base/login/messages/messages_sv.properties	Updates TOTP setup instructions to remove explicit app names/links, providing more generic guidance across multiple languages.
Localization: WebAuthn Error Message HTML Tag Standardization themes/src/main/resources-community/theme/base/login/messages/messages_ar.properties, themes/src/main/resources-community/theme/base/login/messages/messages_ca.properties, themes/src/main/resources-community/theme/base/login/messages/messages_cs.properties, themes/src/main/resources-community/theme/base/login/messages/messages_de.properties, themes/src/main/resources-community/theme/base/login/messages/messages_el.properties, themes/src/main/resources-community/theme/base/login/messages/messages_es.properties, themes/src/main/resources-community/theme/base/login/messages/messages_fa.properties, themes/src/main/resources-community/theme/base/login/messages/messages_fi.properties, themes/src/main/resources-community/theme/base/login/messages/messages_fr.properties, themes/src/main/resources-community/theme/base/login/messages/messages_hr.properties, themes/src/main/resources-community/theme/base/login/messages/messages_ka.properties, themes/src/main/resources-community/theme/base/login/messages/messages_ko.properties, themes/src/main/resources-community/theme/base/login/messages/messages_th.properties, themes/src/main/resources-community/theme/base/login/messages/messages_tr.properties, themes/src/main/resources-community/theme/base/login/messages/messages_uk.properties, themes/src/main/resources-community/theme/base/login/messages/messages_zh_CN.properties, themes/src/main/resources-community/theme/base/login/messages/messages_zh_TW.properties	Standardizes HTML line break tags in WebAuthn error messages from <br/> to <br /> across multiple languages.
Localization: Email and Admin Message Corrections themes/src/main/resources-community/theme/base/email/messages/messages_da.properties, themes/src/main/resources-community/theme/base/email/messages/messages_fa.properties, themes/src/main/resources-community/theme/base/email/messages/messages_hu.properties, themes/src/main/resources-community/theme/base/email/messages/messages_lt.properties, themes/src/main/resources-community/theme/base/email/messages/messages_nl.properties, themes/src/main/resources-community/theme/base/email/messages/messages_no.properties, themes/src/main/resources-community/theme/base/email/messages/messages_tr.properties, themes/src/main/resources-community/theme/base/email/messages/messages_uk.properties, js/apps/admin-ui/maven-resources-community/theme/keycloak.v2/admin/messages/messages_zh_CN.properties	Fixes malformed HTML, removes extraneous characters, and corrects placeholder formatting in various email and admin localization files.

Sequence Diagram(s)

sequenceDiagram
    participant Verifier as VerifyMessageProperties
    participant PropertiesFile as .properties file
    participant EnglishSource as English .properties file
    participant Sanitizer as HTML Sanitizer

    Verifier->>PropertiesFile: Load translation properties
    Verifier->>EnglishSource: Load English source properties
    loop For each key in properties
        Verifier->>Verifier: normalizeValue(key, value)
        Verifier->>Verifier: getEnglishValue(key, EnglishSource)
        Verifier->>Verifier: santizeAnchors(key, value, englishValue)
        Verifier->>Verifier: containsHtml(englishValue)
        alt English value has HTML
            Verifier->>Sanitizer: Allow limited HTML tags
        else No HTML allowed
            Verifier->>Sanitizer: Disallow all HTML tags
        end
        Sanitizer-->>Verifier: Sanitized value
        Verifier->>Verifier: Compare sanitized vs original
        alt Difference found
            Verifier->>Verifier: Record error for illegal HTML
        end
    end

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~40 minutes

Poem

In the garden of code, where the carrots do grow,
We bunnies inspect every message in tow.
HTML now safe, plural forms just right,
With tests and translations, our future is bright!
Hop, hop, hooray—this patch is a treat,
For every locale, and every heartbeat.
🥕✨

Note

⚡️ Unit Test Generation is now available in beta!

Learn more here, or try it out under "Finishing Touches" below.

✨ Finishing Touches

• 📝 Generate Docstrings

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch feature-html-sanitizer-implementation

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai generate unit tests to generate unit tests for this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[everettbu]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

Actionable comments posted: 11

🧹 Nitpick comments (12)

themes/src/main/resources-community/theme/base/email/messages/messages_hu.properties (1)

6-6: HTML fix looks correct – consider descriptive anchor text for accessibility

The removal of the stray prefix and the resulting markup is syntactically sound (all tags close properly, placeholders remain intact).
For better accessibility and phishing-prevention UX, you could change the visible text of the <a> element from the raw URL ({0}) to a descriptive phrase (e.g. „Hivatkozás jóváhagyáshoz”), while keeping the same href.
This keeps e-mails cleaner and reduces the chance that the rendered link is wrapped or filtered by mail clients.

themes/src/main/resources-community/theme/base/email/messages/messages_da.properties (1)

9-9: Extraneous character and mixed-language phrase in last paragraph

The final <p> starts with nHvis (leading stray ‘n’) and contains the English word “ignore”.
This will surface directly to Danish end-users and looks unpolished.

-<p>nHvis du ikke vil forbinde disse konti, kan du bare ignore denne besked. Hvis du vælger at forbinde de to konti, kan du logge ind som {1} via {0}.</p>
+<p>Hvis du ikke vil forbinde disse konti, kan du blot ignorere denne besked. Hvis du vælger at forbinde de to konti, kan du logge ind som {1} via {0}.</p>

Removes the rogue character, restores full Danish wording (“blot ignorere”), and keeps placeholders intact.
Please mirror the same fix in other locale files if they were generated from the same template.

themes/src/main/resources-community/theme/base/email/messages/messages_uk.properties (1)

6-6: Optional: add rel="noopener noreferrer" for safer links

To harden against reverse-tabnabbing and similar issues, consider adding rel="noopener noreferrer" (and, if desired, target="_blank") to the anchor.

-<p><a href="{0}">{0}</a></p>
+<p><a href="{0}" rel="noopener noreferrer">{0}</a></p>

themes/src/main/resources-community/theme/base/email/messages/messages_tr.properties (1)

9-9: Remove stray spaces inside the <b> tags.

<b> {1} </b> and <b> {0} </b> render an extra space before/after the bolded placeholder, which is inconsistent with the other locales and may be flagged by the new HTML-sanitizer logic.

-identityProviderLinkBodyHtml=<p>Birisi <b> {1} </b> hesabınızı {2} kullanıcısı <b> {0} </b> hesabına bağlamak istiyor. Bu sizseniz, bağlantı vermek için aşağıdaki bağlantıyı tıklayın</p><p><a href="{3}">Hesap bağlantısını onaylamak için bağlantı</a></p><p>Bu bağlantının süresi {5} içerisinde sona erecek.</p><p>Hesabı bağlamak istemiyorsanız, bu mesajı göz ardı edin. Hesapları bağlarsanız, {1} ile {0} arasında oturum açabilirsiniz.</p>
+identityProviderLinkBodyHtml=<p>Birisi <b>{1}</b> hesabınızı {2} kullanıcısı <b>{0}</b> hesabına bağlamak istiyor. Bu sizseniz, bağlantı vermek için aşağıdaki bağlantıyı tıklayın</p><p><a href="{3}">Hesap bağlantısını onaylamak için bağlantı</a></p><p>Bu bağlantının süresi {5} içerisinde sona erecek.</p><p>Hesabı bağlamak istemiyorsanız, bu mesajı göz ardı edin. Hesapları bağlarsanız, {1} ile {0} arasında oturum açabilirsiniz.</p>

misc/theme-verifier/src/test/resources/changedAnchor_en.properties (1)

17-17: Consider using HTTPS even in test fixtures

Although this is only a test resource, replacing http://example.com with https://example.com avoids accidental reliance on insecure URLs and keeps the sample data aligned with best-practice defaults.

-key=Some <a href="http://example.com">link</a>
+key=Some <a href="https://example.com">link</a>

misc/theme-verifier/src/test/resources/illegalHtmlTag_en.properties (1)

17-17: Ensure file ends with a trailing newline

illegalHtmlTag_en.properties currently terminates on Line 17 without a final newline character. While most tools tolerate this, POSIX‐style text files are expected to end with \n, and some diff or concatenation utilities give warnings otherwise.
Adding a trailing newline avoids such edge-case tooling issues.

-key=Some <div>tag</div
+key=Some <div>tag</div\n

misc/theme-verifier/pom.xml (1)

75-85: Keep dependency scope declarations consistent

You explicitly set <scope>compile</scope> for commons-text, but left the OWASP Sanitizer to rely on Maven’s default (also compile). Mixing explicit vs implicit scope declarations in the same block creates pointless noise in diffs and hinders quick visual scanning.

Pick one convention and apply it to both dependencies. A minimal patch:

-        <dependency>
-            <groupId>com.googlecode.owasp-java-html-sanitizer</groupId>
-            <artifactId>owasp-java-html-sanitizer</artifactId>
-            <version>20240325.1</version>
-        </dependency>
+        <dependency>
+            <groupId>com.googlecode.owasp-java-html-sanitizer</groupId>
+            <artifactId>owasp-java-html-sanitizer</artifactId>
+            <version>20240325.1</version>
+            <scope>compile</scope>
+        </dependency>

(or drop the explicit scope element from commons-text).
Pure style, but worth tightening for long-term maintainability.

themes/src/main/resources-community/theme/base/login/messages/messages_ca.properties (1)

423-427: Inconsistent spacing after <br />

Lines 426-427 omit the space before {0} (<br />{0} vs <br /> {0} elsewhere). For visual consistency across messages and locales, add the space:

-webauthn-error-auth-verification=El resultat de l'autenticació amb clau de seguretat no és vàlid.<br />{0}
-webauthn-error-register-verification=El resultat del registre amb clau de seguretat no és vàlid.<br />{0}
+webauthn-error-auth-verification=El resultat de l'autenticació amb clau de seguretat no és vàlid.<br /> {0}
+webauthn-error-register-verification=El resultat del registre amb clau de seguretat no és vàlid.<br /> {0}

themes/src/main/resources-community/theme/base/login/messages/messages_th.properties (1)

462-466: Remove superfluous space after <br /> for HTML-consistency

A few other languages (e.g. messages_ka.properties) omit the space, so the rendered result is identical but the markup becomes consistent across locales.

-webauthn-error-registration=การลงทะเบียนคีย์รักษาความปลอดภัยของคุณไม่สำเร็จ<br /> {0}
+webauthn-error-registration=การลงทะเบียนคีย์รักษาความปลอดภัยของคุณไม่สำเร็จ<br />{0}
-webauthn-error-api-get=การพิสูจน์ตัวจริงโดยใช้คีย์รักษาความปลอดภัยไม่สำเร็จ<br /> {0}
+webauthn-error-api-get=การพิสูจน์ตัวจริงโดยใช้คีย์รักษาความปลอดภัยไม่สำเร็จ<br />{0}
-webauthn-error-auth-verification=ผลการพิสูจน์ตัวจริงของคีย์รักษาความปลอดภัยไม่ถูกต้อง<br /> {0}
+webauthn-error-auth-verification=ผลการพิสูจน์ตัวจริงของคีย์รักษาความปลอดภัยไม่ถูกต้อง<br />{0}
-webauthn-error-register-verification=ผลการลงทะเบียนของคีย์รักษาความปลอดภัยไม่ถูกต้อง<br /> {0}
+webauthn-error-register-verification=ผลการลงทะเบียนของคีย์รักษาความปลอดภัยไม่ถูกต้อง<br />{0}

themes/src/main/resources-community/theme/base/login/messages/messages_tr.properties (1)

469-473: Consistent <br /> self-closing tag – good, but trailing comma looks like a typo

👍 for switching to the XHTML-style <br /> that the new HTML-sanitiser expects.

While touching the line, consider removing the trailing comma after the {0} placeholder – it renders literally in the UI:

-webauthn-error-registration= Geçiş Anahatarınızı kaydederken hata oluştu.<br /> {0},
+webauthn-error-registration= Geçiş Anahtarınızı kaydederken hata oluştu.<br /> {0}

Same for 470, 472, 473.
[nitpick]

js/apps/account-ui/maven-resources/theme/keycloak.v3/account/messages/messages_en.properties (1)

188-188: Pluralisation pattern works, but double–0 rule is redundant

{2,choice,0#values|1#value|1<values} is fine; for clarity you could drop the 0# rule – the 1< branch already covers 0 as well in ChoiceFormat. Optional, not blocking.

-error-invalid-multivalued-size=Attribute {0} must have at least {1} and at most {2} {2,choice,0#values|1#value|1<values}.
+error-invalid-multivalued-size=Attribute {0} must have at least {1} and at most {2} {2,choice,1#value|1<values}.

misc/theme-verifier/src/main/java/org/keycloak/themeverifier/VerifyMessageProperties.java (1)

117-137: Consider making special case handling more maintainable

The hardcoded key names and patterns make this method brittle. Consider externalizing these rules or using a more flexible configuration approach.

// Consider defining these patterns at class level
private static final Map<String, Pattern> KEY_SPECIFIC_PATTERNS = Map.of(
    "templateHelp", Pattern.compile("CLAIM\\.<[A-Z]*>"),
    "optimizeLookupHelp", Pattern.compile("<Extensions>")
);

private static final Pattern TIME_PERIOD_KEY_PATTERN = Pattern.compile("^linkExpirationFormatter\\.timePeriodUnit.*|error-invalid-multivalued-size$");

This would make it easier to add new special cases and understand the rules at a glance.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 21d5311 and 5d77e7e.

📒 Files selected for processing (47)

• js/apps/account-ui/maven-resources/theme/keycloak.v3/account/messages/messages_en.properties (1 hunks)
• js/apps/admin-ui/maven-resources-community/theme/keycloak.v2/admin/messages/messages_zh_CN.properties (1 hunks)
• js/apps/admin-ui/maven-resources/theme/keycloak.v2/admin/messages/messages_en.properties (1 hunks)
• misc/theme-verifier/pom.xml (1 hunks)
• misc/theme-verifier/src/main/java/org/keycloak/themeverifier/VerifyMessageProperties.java (2 hunks)
• misc/theme-verifier/src/test/java/org/keycloak/themeverifier/VerifyMessagePropertiesTest.java (1 hunks)
• misc/theme-verifier/src/test/resources/changedAnchor_de.properties (1 hunks)
• misc/theme-verifier/src/test/resources/changedAnchor_en.properties (1 hunks)
• misc/theme-verifier/src/test/resources/illegalHtmlTag_en.properties (1 hunks)
• misc/theme-verifier/src/test/resources/noHtml_de.properties (1 hunks)
• misc/theme-verifier/src/test/resources/noHtml_en.properties (1 hunks)
• themes/src/main/resources-community/theme/base/account/messages/messages_fi.properties (1 hunks)
• themes/src/main/resources-community/theme/base/account/messages/messages_lt.properties (1 hunks)
• themes/src/main/resources-community/theme/base/account/messages/messages_sk.properties (1 hunks)
• themes/src/main/resources-community/theme/base/account/messages/messages_sv.properties (1 hunks)
• themes/src/main/resources-community/theme/base/account/messages/messages_zh_CN.properties (1 hunks)
• themes/src/main/resources-community/theme/base/email/messages/messages_da.properties (1 hunks)
• themes/src/main/resources-community/theme/base/email/messages/messages_fa.properties (1 hunks)
• themes/src/main/resources-community/theme/base/email/messages/messages_hu.properties (1 hunks)
• themes/src/main/resources-community/theme/base/email/messages/messages_lt.properties (1 hunks)
• themes/src/main/resources-community/theme/base/email/messages/messages_nl.properties (1 hunks)
• themes/src/main/resources-community/theme/base/email/messages/messages_no.properties (1 hunks)
• themes/src/main/resources-community/theme/base/email/messages/messages_tr.properties (1 hunks)
• themes/src/main/resources-community/theme/base/email/messages/messages_uk.properties (1 hunks)
• themes/src/main/resources-community/theme/base/login/messages/messages_ar.properties (1 hunks)
• themes/src/main/resources-community/theme/base/login/messages/messages_ca.properties (1 hunks)
• themes/src/main/resources-community/theme/base/login/messages/messages_cs.properties (1 hunks)
• themes/src/main/resources-community/theme/base/login/messages/messages_de.properties (1 hunks)
• themes/src/main/resources-community/theme/base/login/messages/messages_el.properties (1 hunks)
• themes/src/main/resources-community/theme/base/login/messages/messages_es.properties (1 hunks)
• themes/src/main/resources-community/theme/base/login/messages/messages_fa.properties (1 hunks)
• themes/src/main/resources-community/theme/base/login/messages/messages_fi.properties (1 hunks)
• themes/src/main/resources-community/theme/base/login/messages/messages_fr.properties (1 hunks)
• themes/src/main/resources-community/theme/base/login/messages/messages_hr.properties (1 hunks)
• themes/src/main/resources-community/theme/base/login/messages/messages_ka.properties (2 hunks)
• themes/src/main/resources-community/theme/base/login/messages/messages_ko.properties (1 hunks)
• themes/src/main/resources-community/theme/base/login/messages/messages_lt.properties (1 hunks)
• themes/src/main/resources-community/theme/base/login/messages/messages_no.properties (1 hunks)
• themes/src/main/resources-community/theme/base/login/messages/messages_sk.properties (4 hunks)
• themes/src/main/resources-community/theme/base/login/messages/messages_sv.properties (1 hunks)
• themes/src/main/resources-community/theme/base/login/messages/messages_th.properties (1 hunks)
• themes/src/main/resources-community/theme/base/login/messages/messages_tr.properties (1 hunks)
• themes/src/main/resources-community/theme/base/login/messages/messages_uk.properties (1 hunks)
• themes/src/main/resources-community/theme/base/login/messages/messages_zh_CN.properties (1 hunks)
• themes/src/main/resources-community/theme/base/login/messages/messages_zh_TW.properties (1 hunks)
• themes/src/main/resources/theme/base/admin/messages/messages_en.properties (1 hunks)
• themes/src/main/resources/theme/base/login/messages/messages_en.properties (2 hunks)

🔇 Additional comments (38)

themes/src/main/resources-community/theme/base/email/messages/messages_uk.properties (1)

6-6: LGTM – removed stray space fixes malformed closing tag

The corrected </p> eliminates invalid HTML, ensuring proper rendering across email clients.

themes/src/main/resources/theme/base/admin/messages/messages_en.properties (1)

69-69: Pluralisation logic duplicates the max-value parameter.

The current text renders e.g.
“at most 4 4 values”, repeating {2} before the choice.
Drop the standalone {2} and embed the numeric token inside the choice block so the number and word appear only once.

-error-invalid-multivalued-size=Attribute {0} must have at least {1} and at most {2} {2,choice,0#values|1#value|1<values}.
+error-invalid-multivalued-size=Attribute {0} must have at least {1} and at most {2,choice,0#0 values|1#1 value|1< # values}.

This yields “at most 4 values” and “at most 1 value” as expected.

Likely an incorrect or invalid review comment.

js/apps/admin-ui/maven-resources/theme/keycloak.v2/admin/messages/messages_en.properties (1)

3136-3136: Plural-aware rewrite looks correct

The switch to MessageFormat placeholders ({0}, {1}, {2}) and the {2,choice,…} expression will render the proper singular/plural form:

• …at most 1 value
• …at most 2 values
• …at most 0 values

No escaping or quote-escaping issues are introduced, and re-using index 2 twice is allowed by MessageFormat.

themes/src/main/resources-community/theme/base/login/messages/messages_el.properties (1)

418-422: HTML line-break standardisation looks good.

Switching from <br/> to <br /> aligns with the sanitizer’s whitelist and the rest of the code-base. No further issues.

themes/src/main/resources-community/theme/base/email/messages/messages_nl.properties (1)

3-3: Fixed missing > – LGTM.

The malformed <p> tag is now well-formed; this avoids parser errors and passes the new verifier.

misc/theme-verifier/src/test/resources/noHtml_de.properties (1)

17-17: Test resource correctly exercises “no-HTML” rule.

Having <b> markup in a noHtml locale file is a useful negative test for the new verifier. File header & licence blocks also comply with project standards.

themes/src/main/resources-community/theme/base/login/messages/messages_ko.properties (1)

480-484: Consistent <br /> formatting – looks good.

The four WebAuthn error strings now match the HTML style enforced across locales; no issues spotted.

themes/src/main/resources-community/theme/base/login/messages/messages_ar.properties (1)

466-470: Consistent self-closing <br /> tag – looks good

The switch from <br/> to <br /> aligns with W3C-style self-closing tags used elsewhere in the project and with the new HTML-sanitizer rules. No further action required.

misc/theme-verifier/src/test/resources/changedAnchor_de.properties (1)

17-17: Intentionally divergent anchor – OK for negative test

The http://malicious.com anchor differs from the English source and is evidently used to assert the “changed anchor” detection path. No issues.

misc/theme-verifier/src/test/resources/noHtml_en.properties (1)

17-17: No HTML scenario fixture – looks fine

The plain-text value correctly represents a no-HTML case for the verifier tests.

themes/src/main/resources-community/theme/base/email/messages/messages_fa.properties (1)

6-6: Removed stray space in <p> tag – good catch

The fix from < p> to <p> prevents malformed HTML in outgoing emails and will satisfy the new sanitizer. ✅

themes/src/main/resources-community/theme/base/login/messages/messages_fa.properties (1)

457-462: Consistent <br /> spacing – looks good

The switch from <br/> to <br /> aligns these messages with HTML-5 style and the new sanitizer. No further issues spotted.

themes/src/main/resources-community/theme/base/email/messages/messages_no.properties (1)

5-5: Removed HTML from plain-text template – correct fix

Stripping the <b> tags from the non-HTML body prevents markup bleed in plain emails while the HTML variant (line 6) keeps formatting. ✔️

themes/src/main/resources-community/theme/base/login/messages/messages_de.properties (1)

420-424: Unified <br /> self-closing style

The spaced form is now consistent with the sanitizer policy applied project-wide. No action required.

themes/src/main/resources-community/theme/base/login/messages/messages_es.properties (1)

442-446: HTML break tag normalised

Same harmless formatting tweak as in other locales; translation content unchanged. ✅

themes/src/main/resources-community/theme/base/login/messages/messages_sv.properties (1)

68-68: Step-1 wording simplified – verify downstream list rendering

The line now reads “Installera en av följande applikationer …”.
Assuming the UI still renders the app list via separate keys (totpAppFreeOTPName etc.), this is fine. If that list is not shown, users lose explicit examples—double-check the template.

themes/src/main/resources-community/theme/base/login/messages/messages_zh_CN.properties (1)

466-470: Consistent <br /> spacing looks good

The update standardises self-closing break tags to the XHTML-style <br />, matching changes across other locale files and avoiding false positives in the new HTML-sanitiser. No further action required.

js/apps/admin-ui/maven-resources-community/theme/keycloak.v2/admin/messages/messages_zh_CN.properties (1)

1255-1255: Placeholder formatting fixed – LGTM

The extra space inside ${CLAIM.<NAME>} was removed, preventing runtime placeholder-resolution issues.

themes/src/main/resources/theme/base/login/messages/messages_en.properties (2)

487-492: Consistent XHTML-style <br /> looks good

Switching to the spaced self-closing tag aligns with the HTML-sanitizer rules introduced in this PR and avoids noisy lint warnings. Nice housekeeping.

---

530-531: Double-check the ChoiceFormat edge case

{2,choice,0#values|1#value|1<values} will fall through to the last alternative for every value > 1. That is fine, but make sure this key really receives the “max” argument ({2}) at runtime; some callers pass the current count instead. A mismatch will produce grammatically wrong output (“at most 5 value”).

themes/src/main/resources-community/theme/base/login/messages/messages_fr.properties (1)

377-381: HTML tag tweak acknowledged

<br/> → <br /> is purely cosmetic⁠—no functional impact. Change is correct.

themes/src/main/resources-community/theme/base/login/messages/messages_cs.properties (1)

466-470: Good consistency update

Same XHTML self-closing adjustment as other locales – all good.

themes/src/main/resources-community/theme/base/account/messages/messages_sk.properties (1)

101-103: Generic TOTP instructions OK

Hard-coding app names was removed; the new wording is clearer and will age better.

themes/src/main/resources-community/theme/base/login/messages/messages_hr.properties (1)

479-483: HTML line-break tag now standards-compliant – looks good.

The change from <br/> to <br /> matches the sanitizer’s whitelist and the rest of the codebase. No further action needed.

themes/src/main/resources-community/theme/base/login/messages/messages_no.properties (1)

71-71: Generic Norwegian TOTP step 1 text is correct.

The revised sentence is clear, in correct Bokmål, and free of app-specific links. No issues spotted.

themes/src/main/resources-community/theme/base/account/messages/messages_fi.properties (1)

141-141: Finnish wording updated correctly.

The new neutral instruction reads naturally and aligns with other locales. No problems identified.

themes/src/main/resources-community/theme/base/login/messages/messages_uk.properties (1)

459-463: HTML line-break change looks good

The <br/> → <br /> replacement is correct and safe; no other issues spotted.

themes/src/main/resources-community/theme/base/account/messages/messages_sv.properties (1)

96-96: Generic wording LGTM

Switching to a vendor-neutral instruction removes outdated app references and improves longevity. ✔

themes/src/main/resources-community/theme/base/login/messages/messages_ka.properties (1)

172-174: Consistent <br /> usage applied

Change aligns with sanitizer rules. No further action required.

Also applies to: 451-452

themes/src/main/resources-community/theme/base/login/messages/messages_fi.properties (1)

400-404: LGTM – only tag spacing changed

The <br/> → <br /> update aligns with the new sanitiser rules; nothing else to flag.

themes/src/main/resources-community/theme/base/login/messages/messages_zh_TW.properties (1)

473-477: LGTM – XHTML-style <br /> adopted

Change is purely cosmetic and required by the verifier. No further issues.

themes/src/main/resources-community/theme/base/login/messages/messages_sk.properties (3)

30-30: Fixed stray closing tag – good catch

The <strong>{0}</strong> wrapper now closes correctly.

---

123-123: Generic app list phrasing – no functional impact

Replacing concrete app names with a generic sentence is fine; just confirm with localisation team that context is still clear for users.

---

466-470: <br /> tag fix – looks good

The change satisfies the new sanitiser; no further action.

misc/theme-verifier/src/test/java/org/keycloak/themeverifier/VerifyMessagePropertiesTest.java (4)

31-34: LGTM!

The test correctly verifies duplicate key detection functionality using appropriate Hamcrest matchers.

---

36-40: LGTM!

The test appropriately verifies the detection of illegal HTML tags in message properties.

---

42-46: LGTM!

Good test coverage for verifying HTML restrictions in localized properties files.

---

48-52: LGTM!

Important test for verifying that anchor tags in translations match the English source, preventing potential security issues.

[coderabbitai]

🛠️ Refactor suggestion

Make PolicyFactory instances static final constants

These policy factories are immutable and should be declared as static final constants for better performance and clarity.

-    PolicyFactory POLICY_SOME_HTML = new org.owasp.html.HtmlPolicyBuilder()
+    private static final PolicyFactory POLICY_SOME_HTML = new org.owasp.html.HtmlPolicyBuilder()
             .allowElements(
-                    "br", "p", "strong", "b"
+                    "br", "p", "strong", "b", "em", "i"
             ).toFactory();

-    PolicyFactory POLICY_NO_HTML = new org.owasp.html.HtmlPolicyBuilder().toFactory();
+    private static final PolicyFactory POLICY_NO_HTML = new org.owasp.html.HtmlPolicyBuilder().toFactory();

Also consider adding "em" and "i" tags for italic text formatting, which are commonly used alongside bold formatting.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	PolicyFactory POLICY_SOME_HTML = new org.owasp.html.HtmlPolicyBuilder()
	.allowElements(
	"br", "p", "strong", "b"
	).toFactory();
	PolicyFactory POLICY_NO_HTML = new org.owasp.html.HtmlPolicyBuilder().toFactory();
	private static final PolicyFactory POLICY_SOME_HTML = new org.owasp.html.HtmlPolicyBuilder()
	.allowElements(
	"br", "p", "strong", "b", "em", "i"
	).toFactory();
	private static final PolicyFactory POLICY_NO_HTML = new org.owasp.html.HtmlPolicyBuilder().toFactory();

🤖 Prompt for AI Agents

In
misc/theme-verifier/src/main/java/org/keycloak/themeverifier/VerifyMessageProperties.java
around lines 58 to 64, the PolicyFactory instances are currently not declared as
static final constants. Change their declarations to static final to improve
performance and clarity since they are immutable. Additionally, update the
allowed elements in POLICY_SOME_HTML to include "em" and "i" tags to support
italic text formatting alongside the existing bold tags.

[coderabbitai]

🛠️ Refactor suggestion

⚠️ Potential issue

Improve English file path resolution and error handling

The current approach using string replacement is fragile and may fail with unexpected directory structures. Additionally, the error handling should be consistent with the rest of the class.

         PropertyResourceBundle bundleEnglish;
-        String englishFile = file.getAbsolutePath().replaceAll("resources-community", "resources")
-                .replaceAll("_[a-zA-Z-_]*\\.properties", "_en.properties");
+        // More robust approach to find English file
+        File parentDir = file.getParentFile();
+        String fileName = file.getName();
+        String englishFileName = fileName.replaceAll("_[a-zA-Z-]+\\.properties$", "_en.properties");
+        File englishFile = new File(parentDir, englishFileName);
+        
+        // If in resources-community, also check resources directory
+        if (!englishFile.exists() && parentDir.getName().equals("resources-community")) {
+            File resourcesDir = new File(parentDir.getParentFile(), "resources");
+            englishFile = new File(resourcesDir, englishFileName);
+        }
+        
         try (FileInputStream fis = new FileInputStream(englishFile)) {
             bundleEnglish = new PropertyResourceBundle(fis);
         } catch (IOException e) {
-            throw new RuntimeException("unable to read file " + englishFile, e);
+            messages.add("Unable to read English source file for " + file.getName() + ": " + e.getMessage());
+            return; // Skip HTML validation if English file is not available
         }

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	String englishFile = file.getAbsolutePath().replaceAll("resources-community", "resources")
	.replaceAll("_[a-zA-Z-_]*\\.properties", "_en.properties");
	try (FileInputStream fis = new FileInputStream(englishFile)) {
	bundleEnglish = new PropertyResourceBundle(fis);
	} catch (IOException e) {
	throw new RuntimeException("unable to read file " + englishFile, e);
	}
	PropertyResourceBundle bundleEnglish;
	// More robust approach to find English file
	File parentDir = file.getParentFile();
	String fileName = file.getName();
	String englishFileName = fileName.replaceAll("_[a-zA-Z-]+\\.properties$", "_en.properties");
	File englishFile = new File(parentDir, englishFileName);
	// If in resources-community, also check resources directory
	if (!englishFile.exists() && "resources-community".equals(parentDir.getName())) {
	File resourcesDir = new File(parentDir.getParentFile(), "resources");
	englishFile = new File(resourcesDir, englishFileName);
	}
	try (FileInputStream fis = new FileInputStream(englishFile)) {
	bundleEnglish = new PropertyResourceBundle(fis);
	} catch (IOException e) {
	messages.add("Unable to read English source file for " + file.getName() + ": " + e.getMessage());
	return; // Skip HTML validation if English file is not available
	}

🤖 Prompt for AI Agents

In
misc/theme-verifier/src/main/java/org/keycloak/themeverifier/VerifyMessageProperties.java
around lines 74 to 80, the English file path is constructed using fragile string
replacements that may break with different directory structures. Refactor this
to build the path more robustly, for example by manipulating File or Path
objects to navigate directories and replace locale suffixes safely. Also, update
the error handling to match the class's standard approach, ensuring consistent
exception types and messages.

[coderabbitai]

⚠️ Potential issue

Fix typo in method name

The method name "santizeAnchors" has a typo - it should be "sanitizeAnchors".

-            value = santizeAnchors(key, value, englishValue);
+            value = sanitizeAnchors(key, value, englishValue);

-    private String santizeAnchors(String key, String value, String englishValue) {
+    private String sanitizeAnchors(String key, String value, String englishValue) {

Also applies to: 150-150

🤖 Prompt for AI Agents

In
misc/theme-verifier/src/main/java/org/keycloak/themeverifier/VerifyMessageProperties.java
at lines 88 and 150, the method name "santizeAnchors" is misspelled. Rename all
occurrences of "santizeAnchors" to "sanitizeAnchors" to correct the typo.

[coderabbitai]

🛠️ Refactor suggestion

Make regex pattern static final

The HTML_TAGS pattern should be a static final constant for better performance.

-    Pattern HTML_TAGS = Pattern.compile("<[a-z]+[^>]*>");
+    private static final Pattern HTML_TAGS = Pattern.compile("<[a-z]+[^>]*>");

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	Pattern HTML_TAGS = Pattern.compile("<[a-z]+[^>]*>");
	private boolean containsHtml(String englishValue) {
	return HTML_TAGS.matcher(englishValue).find();
	}
	private static final Pattern HTML_TAGS = Pattern.compile("<[a-z]+[^>]*>");
	private boolean containsHtml(String englishValue) {
	return HTML_TAGS.matcher(englishValue).find();
	}

🤖 Prompt for AI Agents

In
misc/theme-verifier/src/main/java/org/keycloak/themeverifier/VerifyMessageProperties.java
around lines 139 to 143, the HTML_TAGS regex pattern is currently an instance
variable. Change its declaration to be static final to make it a constant,
improving performance by compiling the pattern only once for all instances.

[coderabbitai]

⚠️ Potential issue

Italian text accidentally inserted into Lithuanian resource file.

totpStep1 is now Italian (“Installa una …”) instead of Lithuanian, breaking localisation quality.

-totpStep1=Installa una delle seguenti applicazioni sul tuo cellulare:
+totpStep1=Įdiekite vieną iš šių programėlių į savo telefoną:

🤖 Prompt for AI Agents

In
themes/src/main/resources-community/theme/base/account/messages/messages_lt.properties
at line 101, the value for the key totpStep1 is mistakenly in Italian instead of
Lithuanian. Replace the Italian text with the correct Lithuanian translation to
maintain proper localization quality.

[coderabbitai]

⚠️ Potential issue

Fix several typos in emailVerificationBodyHtml

tao → tai, stray n at sentence start, and ignuoruokite → ignoruokite.

-emailVerificationBodyHtml=<p>Paskyra {2} sukurta naudojant šį el. pašto adresą. Jei tao buvote Jūs, tuomet paspauskite žemiau esančią nuorodą</p><p><a href="{0}">{0}</a></p><p>Ši nuoroda galioja {1} min.</p><p>nJei paskyros nekūrėte, tuomet ignuoruokite šį laišką.</p>
+emailVerificationBodyHtml=<p>Paskyra {2} sukurta naudojant šį el. pašto adresą. Jei tai buvote Jūs, tuomet paspauskite žemiau esančią nuorodą</p><p><a href="{0}">{0}</a></p><p>Ši nuoroda galioja {1} min.</p><p>Jei paskyros nekūrėte, tuomet ignoruokite šį laišką.</p>

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	emailVerificationBodyHtml=<p>Paskyra {2} sukurta naudojant šį el. pašto adresą. Jei tao buvote Jūs, tuomet paspauskite žemiau esančią nuorodą</p><p><a href="{0}">{0}</a></p><p>Ši nuoroda galioja {1} min.</p><p>nJei paskyros nekūrėte, tuomet ignuoruokite šį laišką.</p>
	emailVerificationBodyHtml=<p>Paskyra {2} sukurta naudojant šį el. pašto adresą. Jei tai buvote Jūs, tuomet paspauskite žemiau esančią nuorodą</p><p><a href="{0}">{0}</a></p><p>Ši nuoroda galioja {1} min.</p><p>Jei paskyros nekūrėte, tuomet ignoruokite šį laišką.</p>

🤖 Prompt for AI Agents

In
themes/src/main/resources-community/theme/base/email/messages/messages_lt.properties
at line 3, fix the typos in the emailVerificationBodyHtml string by replacing
"tao" with "tai", removing the stray "n" at the start of the last paragraph, and
correcting "ignuoruokite" to "ignoruokite".

[coderabbitai]

🛠️ Refactor suggestion

Restore lost characters and typo in identityProviderLinkBodyHtml

The string starts with žas instead of Kažkas and later contains galėsiste (should be galėsite).

-identityProviderLinkBodyHtml=<p>žas pageidauja susieti Jūsų <b>{1}</b> paskyrą su <b>{0}</b> {2} naudotojo paskyrą. ...
+identityProviderLinkBodyHtml=<p>Kažkas pageidauja susieti Jūsų <b>{1}</b> paskyrą su <b>{0}</b> {2} naudotojo paskyra. ...

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

identityProviderLinkBodyHtml=<p>žas pageidauja susieti Jūsų <b>{1}</b> paskyrą su <b>{0}</b> {2} naudotojo paskyrą. Jei tai buvote Jūs, tuomet paspauskite žemiau esančią nuorodą norėdami susieti paskyras</p><p><a href="{3}">{3}</a></p><p>Ši nuoroda galioja {4} min.</p><p>Jei paskyrų susieti nenorite, tuomet ignoruokite šį laišką. Jei paskyras susiesite, tuomet prie {1} galėsiste prisijungti per {0}.</p>

identityProviderLinkBodyHtml=<p>Kažkas pageidauja susieti Jūsų <b>{1}</b> paskyrą su <b>{0}</b> {2} naudotojo paskyrą. Jei tai buvote Jūs, tuomet paspauskite žemiau esančią nuorodą norėdami susieti paskyras</p><p><a href="{3}">{3}</a></p><p>Ši nuoroda galioja {4} min.</p><p>Jei paskyrų susieti nenorite, tuomet ignoruokite šį laišką. Jei paskyras susiesite, tuomet prie {1} galėsiste prisijungti per {0}.</p>

🤖 Prompt for AI Agents

In
themes/src/main/resources-community/theme/base/email/messages/messages_lt.properties
at line 6, the string for identityProviderLinkBodyHtml has a typo and missing
characters: it starts with "žas" instead of "Kažkas" and contains "galėsiste"
instead of "galėsite". Correct these typos by replacing "žas" with "Kažkas" at
the start and "galėsiste" with "galėsite" later in the string.

[coderabbitai]

⚠️ Potential issue

Correct misspelling in executeActionsBodyHtml

neasate → nesate.

-... Jei Jūs neasate tikri, kad tai administratoriaus pageidavimas, tuomet ignoruokite šį laišką ir niekas nebus pakeista.</p>
+... Jei Jūs nesate tikri, kad tai administratoriaus pageidavimas, tuomet ignoruokite šį laišką ir niekas nebus pakeista.</p>

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	executeActionsBodyHtml=<p>Sistemos administratorius pageidauja, kad Jūs atnaujintumėte savo {2} paskyrą. Paspauskite žemiau esančią nuorodą paskyros duomenų atnaujinimui.</p><p><a href="{0}">{0}</a></p><p>Ši nuoroda galioja {1} min.</p><p>Jei Jūs neasate tikri, kad tai administratoriaus pageidavimas, tuomet ignoruokite šį laišką ir niekas nebus pakeista.</p>
	executeActionsBodyHtml=<p>Sistemos administratorius pageidauja, kad Jūs atnaujintumėte savo {2} paskyrą. Paspauskite žemiau esančią nuorodą paskyros duomenų atnaujinimui.</p><p><a href="{0}">{0}</a></p><p>Ši nuoroda galioja {1} min.</p><p>Jei Jūs nesate tikri, kad tai administratoriaus pageidavimas, tuomet ignoruokite šį laišką ir niekas nebus pakeista.</p>

🤖 Prompt for AI Agents

In
themes/src/main/resources-community/theme/base/email/messages/messages_lt.properties
at line 12, correct the misspelling in the executeActionsBodyHtml value by
replacing "neasate" with "nesate" to fix the typo.

[coderabbitai]

⚠️ Potential issue

Italian text accidentally injected into Lithuanian bundle

loginTotpStep1 is now Italian (“Installa una delle seguenti applicazioni …”), breaking the Lithuanian locale and likely confusing users.

-loginTotpStep1=Installa una delle seguenti applicazioni sul tuo cellulare:
+loginTotpStep1=Įdiekite vieną iš šių programėlių savo mobiliajame telefone:

Please restore a correct Lithuanian translation and re-verify other keys for similar regressions.

🤖 Prompt for AI Agents

In
themes/src/main/resources-community/theme/base/login/messages/messages_lt.properties
around lines 71 to 73, the value for loginTotpStep1 is mistakenly in Italian
instead of Lithuanian, which breaks the Lithuanian locale. Replace the Italian
text with the correct Lithuanian translation for loginTotpStep1 and review the
other keys in this section to ensure all are properly in Lithuanian without
similar language mix-ups.

[coderabbitai]

⚠️ Potential issue

ChoiceFormat ordering prevents 5-plus case from ever matching

With ...|1<hodnoty|4<hodnôt the 1< rule swallows every number ≥ 2, so the 4< branch is dead code and plurals for 5+ will still use “hodnoty”.

Recommend:

-error-invalid-multivalued-size=Atribút {0} musí mať najmenej {1} {1,choice,0#hodnôt|1#hodnotu|1<hodnoty|4<hodnôt} a najviac {2} {2,choice,0#hodnôt|1#hodnotu|1<hodnoty|4<hodnôt}.
+error-invalid-multivalued-size=Atribút {0} musí mať najmenej {1} {1,choice,0#hodnôt|1#hodnotu|1<hodnoty|4<hodnôt} a najviac {2} {2,choice,0#hodnôt|1#hodnotu|1<hodnoty|4<hodnôt}.

Move the 5-plus rule (4<hodnôt) before the 2-4 rule or use explicit ranges (2#hodnoty|5<hodnôt).

Committable suggestion skipped: line range outside the PR's diff.

🤖 Prompt for AI Agents

In
themes/src/main/resources-community/theme/base/login/messages/messages_sk.properties
at line 501, the ChoiceFormat pattern for plural forms is incorrectly ordered,
causing the 5-plus case to never match because the '1<' rule captures all
numbers 2 and above. To fix this, reorder the plural rules by placing the '4<'
(5-plus) condition before the '1<' (2-4) condition or use explicit numeric
ranges like '2#hodnoty|5<hodnôt' to correctly handle plurals for numbers 5 and
above.