Add rubocop and erb-lints rules for output safetey

This way we make sure we won't add `html_safe` or `raw` calls in the future. I'm excluding `text_with_links_helpers` for this check, because in this situation the use of `html_safe` is justified: we check the original input is safe, and we're only adding link tags to raw URLs.
2019-10-06 16:01:40 +02:00
parent 89402bdbf6
commit b1b449b187
2 changed files with 8 additions and 0 deletions
--- a/.erb-lint.yml
+++ b/.erb-lint.yml
@@ -1,5 +1,7 @@
 ---
 linters:
+  ErbSafety:
+    enabled: true
  ExtraNewline:
    enabled: true
  FinalNewline:
--- a/.rubocop_basic.yml
+++ b/.rubocop_basic.yml
@@ -160,6 +160,12 @@ Rails/Date:
 Rails/HttpPositionalArguments:
  Enabled: true

+Rails/OutputSafety:
+  Enabled: true
+  Severity: warning
+  Exclude:
+    - app/helpers/text_with_links_helper.rb
+
 Rails/PluralizationGrammar:
  Enabled: true