diff --git a/docs/locales/es/LC_MESSAGES/web-security.po b/docs/locales/es/LC_MESSAGES/web-security.po index 46842ba..93f9e52 100644 --- a/docs/locales/es/LC_MESSAGES/web-security.po +++ b/docs/locales/es/LC_MESSAGES/web-security.po @@ -9,8 +9,8 @@ msgstr "" "Project-Id-Version: Flask 3.0.x\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2024-05-10 19:35-0400\n" -"PO-Revision-Date: 2024-05-10 22:48-0400\n" -"Last-Translator: Pedro Torcatt \n" +"PO-Revision-Date: 2024-05-20 19:50-0400\n" +"Last-Translator: Luis Alday \n" "Language-Team: ES\n" "Language: es\n" "MIME-Version: 1.0\n" @@ -18,11 +18,11 @@ msgstr "" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" "Generated-By: Babel 2.12.1\n" -"X-Generator: Poedit 3.4.2\n" +"X-Generator: Poedit 3.4.4\n" #: ../../web-security.rst:2 msgid "Security Considerations" -msgstr "" +msgstr "Consideraciones de Seguridad" #: ../../web-security.rst:4 msgid "" @@ -30,47 +30,70 @@ msgid "" "hard to get everything right. Flask tries to solve a few of these things " "for you, but there are a couple more you have to take care of yourself." msgstr "" +"Las aplicaciones web suelen enfrentarse a todo tipo de problemas de " +"seguridad y es muy difícil hacerlo todo bien. Flask intenta resolver " +"algunas de estas cosas por usted, pero hay un par más de las que debe " +"ocuparse usted mismo." #: ../../web-security.rst:11 msgid "Cross-Site Scripting (XSS)" -msgstr "" +msgstr "Cross-Site Scripting (XSS)" #: ../../web-security.rst:13 msgid "" -"Cross site scripting is the concept of injecting arbitrary HTML (and with it" -" JavaScript) into the context of a website. To remedy this, developers have" -" to properly escape text so that it cannot include arbitrary HTML tags. For" -" more information on that have a look at the Wikipedia article on `Cross-" -"Site Scripting `_." +"Cross site scripting is the concept of injecting arbitrary HTML (and with " +"it JavaScript) into the context of a website. To remedy this, developers " +"have to properly escape text so that it cannot include arbitrary HTML " +"tags. For more information on that have a look at the Wikipedia article on " +"`Cross-Site Scripting `_." msgstr "" +"Cross site scripting es el concepto de inyectar HTML arbitrario (y con él " +"JavaScript) en el contexto de un sitio web. Para remediar esto, los " +"desarrolladores deben escapar el texto correctamente para que no pueda " +"incluir etiquetas HTML arbitrarias. Para obtener más información al " +"respecto, consulta el artículo de Wikipedia sobre `Cross-Site Scripting " +"`_." #: ../../web-security.rst:20 msgid "" -"Flask configures Jinja2 to automatically escape all values unless explicitly" -" told otherwise. This should rule out all XSS problems caused in templates," -" but there are still other places where you have to be careful:" +"Flask configures Jinja2 to automatically escape all values unless " +"explicitly told otherwise. This should rule out all XSS problems caused in " +"templates, but there are still other places where you have to be careful:" msgstr "" +"Flask configura Jinja2 para escapar automáticamente todos los valores a " +"menos que se indique explícitamente lo contrario. Esto debería descartar " +"todos los problemas XSS causados ​​en las plantillas, pero todavía hay otros " +"lugares en los que debes tener cuidado:" #: ../../web-security.rst:25 msgid "generating HTML without the help of Jinja2" -msgstr "" +msgstr "generando HTML sin la ayuda de Jinja2" #: ../../web-security.rst:26 msgid "calling :class:`~markupsafe.Markup` on data submitted by users" msgstr "" +"llamando a :class:`~markupsafe.Markup` en los datos enviados por los " +"usuarios" #: ../../web-security.rst:27 msgid "" "sending out HTML from uploaded files, never do that, use the ``Content-" "Disposition: attachment`` header to prevent that problem." msgstr "" +"enviar HTML desde archivos cargados, nunca hagas eso, usa el encabezado " +"``Content-Disposition: adjunto`` para evitar ese problema." #: ../../web-security.rst:29 msgid "" "sending out textfiles from uploaded files. Some browsers are using content-" -"type guessing based on the first few bytes so users could trick a browser to" -" execute HTML." +"type guessing based on the first few bytes so users could trick a browser " +"to execute HTML." msgstr "" +"enviar archivos de texto a partir de archivos cargados. Algunos navegadores " +"estan utilizando adivinar el tipo de contenido basándose en los primeros " +"bytes para que los usuarios puedan engañar a un navegador para que ejecute " +"HTML." #: ../../web-security.rst:33 msgid "" @@ -80,6 +103,12 @@ msgid "" "possible attack vector, be sure to always quote your attributes with either " "double or single quotes when using Jinja expressions in them:" msgstr "" +"Otra cosa que es muy importante son los atributos sin comillas. Si bien " +"Jinja2 puede protegerte de problemas XSS al escapar HTML, hay una cosa de " +"la que no puede protegerte: XSS mediante inyección de atributos. Para " +"contrarrestar este posible vector de ataque, asegúrate de poner tus " +"atributos entre comillas dobles o simples cuando utilices expresiones Jinja " +"en ellos:" #: ../../web-security.rst:43 msgid "" @@ -87,32 +116,48 @@ msgid "" "could easily inject custom JavaScript handlers. For example an attacker " "could inject this piece of HTML+JavaScript:" msgstr "" +"¿Por qué es esto necesario? Porque si no lo hiciera, un atacante podría " +"inyectar fácilmente controladores de JavaScript personalizados. Por " +"ejemplo, un atacante podría inyectar este fragmento de HTML+JavaScript:" #: ../../web-security.rst:51 msgid "" "When the user would then move with the mouse over the input, the cookie " "would be presented to the user in an alert window. But instead of showing " "the cookie to the user, a good attacker might also execute any other " -"JavaScript code. In combination with CSS injections the attacker might even" -" make the element fill out the entire page so that the user would just have " -"to have the mouse anywhere on the page to trigger the attack." -msgstr "" +"JavaScript code. In combination with CSS injections the attacker might " +"even make the element fill out the entire page so that the user would just " +"have to have the mouse anywhere on the page to trigger the attack." +msgstr "" +"Cuando el usuario pase el mouse sobre la entrada, la cookie se presentaría " +"al usuario en una ventana de alerta. Pero en lugar de mostrar la cookie al " +"usuario, un buen atacante también podría ejecutar cualquier otro código " +"JavaScript. En combinación con inyecciones de CSS, el atacante podría " +"incluso hacer que el elemento llene toda la página, de modo que el usuario " +"solo tuviera que colocar el mouse en cualquier lugar de la página para " +"desencadenar el ataque." #: ../../web-security.rst:58 msgid "" "There is one class of XSS issues that Jinja's escaping does not protect " -"against. The ``a`` tag's ``href`` attribute can contain a `javascript:` URI," -" which the browser will execute when clicked if not secured properly." +"against. The ``a`` tag's ``href`` attribute can contain a `javascript:` " +"URI, which the browser will execute when clicked if not secured properly." msgstr "" +"Hay una clase de problemas de XSS contra los cuales el entrecomillado de " +"Jinja no protege. El atributo ``href`` de la etiqueta ``a`` puede contener " +"un URI ``javascript:`, que el navegador ejecutará al hacer clic si no está " +"protegido adecuadamente." #: ../../web-security.rst:67 msgid "" "To prevent this, you'll need to set the :ref:`security-csp` response header." msgstr "" +"Para evitar esto, deberás configurar la :ref:`security-csp` del encabezado " +"de respuesta." #: ../../web-security.rst:70 msgid "Cross-Site Request Forgery (CSRF)" -msgstr "" +msgstr "Cross-Site Request Forgery (CSRF)" #: ../../web-security.rst:72 msgid "" @@ -120,24 +165,26 @@ msgid "" "outline it here in detail just mention what it is and how to theoretically " "prevent it." msgstr "" +"Otro gran problema es CSRF. Este es un tema muy complejo y no lo describiré " +"aquí en detalle, solo mencionaré qué es y cómo prevenirlo teóricamente." #: ../../web-security.rst:76 msgid "" "If your authentication information is stored in cookies, you have implicit " "state management. The state of \"being logged in\" is controlled by a " "cookie, and that cookie is sent with each request to a page. Unfortunately " -"that includes requests triggered by 3rd party sites. If you don't keep that" -" in mind, some people might be able to trick your application's users with " -"social engineering to do stupid things without them knowing." +"that includes requests triggered by 3rd party sites. If you don't keep " +"that in mind, some people might be able to trick your application's users " +"with social engineering to do stupid things without them knowing." msgstr "" #: ../../web-security.rst:84 msgid "" "Say you have a specific URL that, when you sent ``POST`` requests to will " "delete a user's profile (say ``http://example.com/user/delete``). If an " -"attacker now creates a page that sends a post request to that page with some" -" JavaScript they just have to trick some users to load that page and their " -"profiles will end up being deleted." +"attacker now creates a page that sends a post request to that page with " +"some JavaScript they just have to trick some users to load that page and " +"their profiles will end up being deleted." msgstr "" #: ../../web-security.rst:90 @@ -165,7 +212,7 @@ msgstr "" #: ../../web-security.rst:107 msgid "JSON Security" -msgstr "" +msgstr "Seguridad de JSON" #: ../../web-security.rst:109 msgid "" @@ -178,22 +225,21 @@ msgstr "" msgid "" "ECMAScript 5 closed this vulnerability, so only extremely old browsers are " "still vulnerable. All of these browsers have `other more serious " -"vulnerabilities " -"`_, so " -"this behavior was changed and :func:`~flask.jsonify` now supports " -"serializing arrays." +"vulnerabilities `_, so this behavior was changed and :func:" +"`~flask.jsonify` now supports serializing arrays." msgstr "" #: ../../web-security.rst:120 msgid "Security Headers" -msgstr "" +msgstr "Cabeceras de Seguridad" #: ../../web-security.rst:122 msgid "" -"Browsers recognize various response headers in order to control security. We" -" recommend reviewing each of the headers below for use in your application. " -"The `Flask-Talisman`_ extension can be used to manage HTTPS and the security" -" headers for you." +"Browsers recognize various response headers in order to control security. " +"We recommend reviewing each of the headers below for use in your " +"application. The `Flask-Talisman`_ extension can be used to manage HTTPS " +"and the security headers for you." msgstr "" #: ../../web-security.rst:130 @@ -211,10 +257,12 @@ msgid "" "https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-" "Security" msgstr "" +"https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-" +"Security" #: ../../web-security.rst:142 msgid "Content Security Policy (CSP)" -msgstr "" +msgstr "Política de seguridad de contenido (CSP)" #: ../../web-security.rst:144 msgid "" @@ -225,17 +273,19 @@ msgstr "" #: ../../web-security.rst:150 msgid "https://csp.withgoogle.com/docs/index.html" -msgstr "" +msgstr "https://csp.withgoogle.com/docs/index.html" #: ../../web-security.rst:151 msgid "" "https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-" "Policy" msgstr "" +"https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-" +"Policy" #: ../../web-security.rst:154 msgid "X-Content-Type-Options" -msgstr "" +msgstr "X-Content-Type-Options" #: ../../web-security.rst:156 msgid "" @@ -243,6 +293,9 @@ msgid "" "detect it, which can be abused to generate a cross-site scripting (XSS) " "attack. ::" msgstr "" +"Obliga al navegador a respetar el tipo de contenido de respuesta en lugar " +"de intentar detectarlo, lo que puede utilizarse de forma abusiva para " +"generar un ataque cross-site scripting (XSS). ::" #: ../../web-security.rst:162 msgid "" @@ -252,7 +305,7 @@ msgstr "" #: ../../web-security.rst:165 msgid "X-Frame-Options" -msgstr "" +msgstr "X-Frame-Options" #: ../../web-security.rst:167 msgid "" @@ -266,10 +319,11 @@ msgstr "" msgid "" "https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options" msgstr "" +"https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options" #: ../../web-security.rst:179 msgid "Set-Cookie options" -msgstr "" +msgstr "Opciones de configuración de cookies" #: ../../web-security.rst:181 msgid "" @@ -280,13 +334,15 @@ msgstr "" #: ../../web-security.rst:185 msgid "``Secure`` limits cookies to HTTPS traffic only." -msgstr "" +msgstr "``Secure`` limita las cookies únicamente al tráfico HTTPS." #: ../../web-security.rst:186 msgid "" "``HttpOnly`` protects the contents of cookies from being read with " "JavaScript." msgstr "" +"``HttpOnly`` protege el contenido de protects the contents of cookies from " +"being read with JavaScript." #: ../../web-security.rst:188 msgid "" @@ -306,12 +362,12 @@ msgstr "" #: ../../web-security.rst:211 msgid "" -"For the session cookie, if :attr:`session.permanent " -"` is set, then :data:`PERMANENT_SESSION_LIFETIME` " -"is used to set the expiration. Flask's default cookie implementation " -"validates that the cryptographic signature is not older than this value. " -"Lowering this value may help mitigate replay attacks, where intercepted " -"cookies can be sent at a later time. ::" +"For the session cookie, if :attr:`session.permanent ` is set, then :data:`PERMANENT_SESSION_LIFETIME` is used to set " +"the expiration. Flask's default cookie implementation validates that the " +"cryptographic signature is not older than this value. Lowering this value " +"may help mitigate replay attacks, where intercepted cookies can be sent at " +"a later time. ::" msgstr "" #: ../../web-security.rst:229 @@ -319,38 +375,42 @@ msgid "" "Use :class:`itsdangerous.TimedSerializer` to sign and validate other cookie " "values (or any values that need secure signatures)." msgstr "" +"Utilice :class:`itsdangerous.TimedSerializer` para firmar y validar otros " +"valores de cookie (o cualquier valor que necesite firmas seguras)." #: ../../web-security.rst:232 msgid "https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies" -msgstr "" +msgstr "https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies" #: ../../web-security.rst:233 msgid "https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie" -msgstr "" +msgstr "https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie" #: ../../web-security.rst:239 msgid "HTTP Public Key Pinning (HPKP)" -msgstr "" +msgstr "HTTP Public Key Pinning (HPKP)" #: ../../web-security.rst:241 msgid "" "This tells the browser to authenticate with the server using only the " "specific certificate key to prevent MITM attacks." msgstr "" +"Esto le indica al navegador que se autentique en el servidor utilizando " +"solo la clave de certificado específica para prevenir ataques MITM." #: ../../web-security.rst:245 msgid "" -"Be careful when enabling this, as it is very difficult to undo if you set up" -" or upgrade your key incorrectly." +"Be careful when enabling this, as it is very difficult to undo if you set " +"up or upgrade your key incorrectly." msgstr "" #: ../../web-security.rst:248 msgid "https://developer.mozilla.org/en-US/docs/Web/HTTP/Public_Key_Pinning" -msgstr "" +msgstr "https://developer.mozilla.org/en-US/docs/Web/HTTP/Public_Key_Pinning" #: ../../web-security.rst:252 msgid "Copy/Paste to Terminal" -msgstr "" +msgstr "Copiar/Pegar a la Terminal" #: ../../web-security.rst:254 msgid "" @@ -358,6 +418,10 @@ msgid "" "cause text to render differently in HTML than how it is interpreted if " "`pasted into a terminal `__." msgstr "" +"Los caracteres ocultos como es la barra invertida (``\\b``, ``^H``) pueden " +"hacer que el texto se represente de manera diferente en HTML que cómo se " +"interpreta si `se pega en una terminal `__." #: ../../web-security.rst:258 msgid "" @@ -368,9 +432,9 @@ msgstr "" #: ../../web-security.rst:262 msgid "" -"If you expect users to copy and paste untrusted code from your site, such as" -" from comments posted by users on a technical blog, consider applying extra " -"filtering, such as replacing all ``\\b`` characters." +"If you expect users to copy and paste untrusted code from your site, such " +"as from comments posted by users on a technical blog, consider applying " +"extra filtering, such as replacing all ``\\b`` characters." msgstr "" #: ../../web-security.rst:270 @@ -378,6 +442,6 @@ msgid "" "Most modern terminals will warn about and remove hidden characters when " "pasting, so this isn't strictly necessary. It's also possible to craft " "dangerous commands in other ways that aren't possible to filter. Depending " -"on your site's use case, it may be good to show a warning about copying code" -" in general." +"on your site's use case, it may be good to show a warning about copying " +"code in general." msgstr ""