Use attributes in translations with sanitize

There's a slight chance an attribute like an author's name might contain an attempt to perform XSS attacks. So, instead of marking the whole text as HTML safe, we can sanitize it. Also note I'm removing the `_html` suffix in the i18n key, since it's got the same effect as using `html_safe`.
2019-10-02 02:18:48 +02:00
parent 75a28fafcb
commit 56f690b8a9
3 changed files with 8 additions and 8 deletions
--- a/config/locales/en/mailers.yml
+++ b/config/locales/en/mailers.yml
@@ -46,8 +46,8 @@ en:
    budget_investment_created:
      subject: "Thank you for creating an investment!"
      title: "Thank you for creating an investment!"
-      intro_html: "Hi <strong>%{author}</strong>,"
-      text_html: "Thank you for creating your investment <strong>%{investment}</strong> for Participatory Budgets <strong>%{budget}</strong>."
+      intro: "Hi <strong>%{author}</strong>,"
+      text: "Thank you for creating your investment <strong>%{investment}</strong> for Participatory Budgets <strong>%{budget}</strong>."
      follow_html: "We will inform you about how the process progresses, which you can also follow on <strong>%{link}</strong>."
      follow_link: "Participatory Budgets"
      sincerely: "Sincerely,"