Javi Martín
7bf4e4d611
Sanitize descriptions in the views
Sanitizing descriptions before saving a record has a few drawbacks:

1. It makes the application rely on data being safe in the database. If
   somehow dangerous data enters the database, the application will be
   vulnerable to XSS attacks
2. It makes the code complicated
3. It isn't backwards compatible; if we decide to disallow a certain
   HTML tag in the future, we'd need to sanitize existing data.

On the other hand, sanitizing the data in the view means we don't need
to triple-check dangerous HTML has already been stripped when we see the
method `auto_link_already_sanitized_html`, since now every time we use
it we sanitize the text in the same line we call this method.

We could also sanitize the data twice, both when saving to the database
and when displaying values in the view. However, doing so wouldn't make
the application safer, since we sanitize text introduced through
textarea fields but we don't sanitize text introduced through input
fields.

Finally, we could also overwrite the `description` method so it
sanitizes the text. But we're already introducing Globalize which
overwrites that method, and overwriting it again is a bit too confusing
in my humble opinion. It can also lead to hard-to-debug behaviour.
2019-10-21 21:32:02 +02:00
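Added example, not part of the commit above (7bf4e4d611) or of the project's code: a Ruby sketch of drawbacks 1 and 3 from that commit message, comparing sanitize-on-save with sanitize-in-the-view. `sanitize_html`, the two policies and the sample rows are assumptions made for illustration; the stand-in sanitizer escapes disallowed markup instead of stripping it as a real HTML sanitizer would.

```ruby
# Simplified stand-in for an allowlist sanitizer (NOT Rails' `sanitize`):
# it escapes every character that is special in HTML, then restores only
# bare, attribute-free tags whose name is in the allowlist.
ESCAPES = { "&" => "&amp;", "<" => "&lt;", ">" => "&gt;",
            '"' => "&quot;", "'" => "&#39;" }.freeze

def sanitize_html(text, allowed_tags)
  escaped = text.to_s.gsub(/[&<>"']/, ESCAPES)
  return escaped if allowed_tags.empty?
  names = allowed_tags.map { |tag| Regexp.escape(tag) }.join("|")
  escaped.gsub(%r{&lt;(/?)(#{names})&gt;}i) { "<#{$1}#{$2.downcase}>" }
end

# Hypothetical policies: v1 was in force when old rows were saved,
# v2 is today's policy and no longer allows <u>.
POLICY_V1 = %w[strong em u].freeze
POLICY_V2 = %w[strong em].freeze

# Strategy A: sanitize before saving, then trust whatever the database holds.
def save_sanitized(db, id, text, policy)
  db[id] = sanitize_html(text, policy)
end

def render_trusting_db(db, id)
  db[id]
end

# Strategy B (what the commit message argues for): sanitize in the view,
# with the current policy, in the same place the value is output.
def render_sanitizing(db, id, policy)
  sanitize_html(db[id], policy)
end

def demo
  db = {} # constructed in-memory stand-in for the descriptions table
  save_sanitized(db, 1, "<u>old</u> <strong>row</strong>", POLICY_V1)
  # Constructed row that reached the database without going through the model.
  db[2] = "<script>alert(1)</script>imported"
  {
    trusting:   [render_trusting_db(db, 1), render_trusting_db(db, 2)],
    sanitizing: [render_sanitizing(db, 1, POLICY_V2),
                 render_sanitizing(db, 2, POLICY_V2)]
  }
end

demo.each { |strategy, html| puts "#{strategy}: #{html.inspect}" }
```

Under strategy A, row 1 still renders `<u>` although the current policy forbids it and row 2 renders its script tag unchanged; under strategy B both are neutralised at output time.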
cyrillefr
44b2a07878
Moderate legislation proposals (#3602)
Moderate legislation proposals
- added a controller for moderation/legislation
- updated view to appropriate link + added route
- added a spec
- Feature test
- test for faded
- javascripts for visual effects
2019-10-05 04:02:39 +02:00
Javi Martín
71d9ddd849
Apply rule to end files with a newline character
2019-09-10 20:02:15 +02:00
Julian Herrero
129a258f19
Use double quotes in app/views/moderation
2019-03-19 12:16:50 +01:00
Alberto
fb19aafee7
Merge pull request #2778 from wairbut-m2c/backport/investments-moderation
Allow budget investments to be moderated
2018-07-27 12:34:17 +02:00
Angel Perez
f063391e41
Add missing thead & tbody tags on investments moderation index
2018-07-20 18:42:34 -04:00
Angel Perez
7f70106299
Fix page entries information positioning for investments moderation
2018-07-20 18:42:34 -04:00
Angel Perez
c64e93867a
Allow moderators to moderate investments
2018-07-20 18:42:34 -04:00
Angel Perez
1990092fdf
Allow moderators to hide inappropriate investments
2018-07-20 18:42:33 -04:00
Angel Perez
4a6313fed7
Add missing thead & tbody tags on moderation index views
2018-07-03 09:22:42 -04:00
Angel Perez
452d7dd252
Fix page entries information and filter positioning
2018-07-03 09:22:42 -04:00
iagirre
12ccf466f9
Add the index to moderate the notifications
Add the index for moderating the notifications. The translations needed
have also been added, along with the JS to make it disappear at that moment.
2018-07-02 18:18:01 +02:00
iagirre
f58bc5d886
Add the menu entry for prop. notifications
A new menu for the sidebar has been added, so that the moderator
can access the index from the menu.
2018-07-02 18:17:56 +02:00
decabeza
156997d936
Removes old help on moderation dashboard
2018-06-08 18:32:26 +02:00
decabeza
0bf31bde6c
Updates all active to is-active classes
2018-06-06 12:02:13 +02:00
Bertocq
089ccdae7c
Fix html alignments
2018-02-10 16:58:00 +01:00
Sergio Castellano Herrera
2905b24ee7
Error to access hide comments
2018-01-29 16:48:48 +01:00
Angel Perez
ab9d612128
'Proposals' feature can be enabled/disabled
Fixes #1886
2017-11-17 13:10:55 -04:00
Manuel Ortega
0a2dae8672
Fixed link back from moderation dashboard to root_path
Passing the organization name to the locale yml file
2017-11-15 19:23:03 +01:00
Juanjo Bazán
7f01dbdca2
makes sure setting helper is used in views
2016-07-08 14:42:28 +02:00
Alberto Garcia Cabeza
31cb29d8c5
Fixes specs
2016-06-01 21:46:17 +02:00
Alberto Garcia Cabeza
b71c61e405
Improves styles for moderation section
2016-06-01 17:30:01 +02:00
Alberto Garcia Cabeza
3ec0971b37
Replaces icons i tags for span
2016-03-14 19:32:48 +01:00
Alberto Garcia Cabeza
3752f3a53b
Adds foundation 6 🎉
2016-02-26 19:33:33 +01:00
Josep Jaume Rey Peroy
2d45828cad
Feature-flag debates
2016-01-18 13:05:00 +01:00
Alberto Garcia Cabeza
8dd027d974
Updates admin and moderation texts
2015-09-25 09:40:51 +02:00
Alberto Garcia Cabeza
058d6f6ffc
Fixes moderation tables
2015-09-24 12:55:39 +02:00
Alberto Garcia Cabeza
7dfdce8c07
Improves styles for admin buttons and selects
2015-09-24 12:40:16 +02:00
kikito
3b405f3e29
changes css style name to avoid conflicts
2015-09-22 14:23:11 +02:00
kikito
343025872b
changes comment moderation to be similar to proposals moderation
2015-09-22 14:20:37 +02:00
kikito
69e74c4207
Style in comment moderation
2015-09-21 16:12:55 +02:00
kikito
12f1796e7b
Merge branch 'master' into debates-moderation-530
2015-09-21 15:52:25 +02:00
kikito
757205a93e
Unifies bulk & debates moderation forms in a single one
2015-09-21 15:41:01 +02:00
kikito
1d5904d478
displays the complete text of the proposal in the moderation interface
2015-09-21 12:47:13 +02:00
Alberto Garcia Cabeza
98ae8c8014
Fixes proposal moderation
2015-09-15 14:19:56 +02:00
kikito
84e905ff70
adds proposals moderation to mod menu
2015-09-13 22:14:22 +02:00
kikito
9d253b0477
Implements Proposals moderation controller
2015-09-13 22:08:30 +02:00
kikito
df7fde472b
Adds missing view: moderation/proposals/hide.js
2015-09-13 22:07:44 +02:00
David Gil
31cf51f07a
adds text_with_links helper and use that in any comment.body in views, adds test to check for malicious injections in comment body
2015-09-10 18:28:10 +02:00
Alberto Garcia Cabeza
a61c006f7f
Replaces bullet for bull
2015-09-09 20:33:21 +02:00
kikito
48ba9a436d
adds select all/none to bulk moderation
2015-09-08 20:46:18 +02:00
kikito
b9ebe8c2c4
Implements basic bulk debates functionality
2015-09-08 19:44:50 +02:00
Juanjo Bazán
f2426e09fa
adds users to moderator's menu
2015-09-07 17:57:08 +02:00
Juanjo Bazán
af6cb16e9b
adds banned users section to moderation zone
2015-09-07 17:56:53 +02:00
kikito
79febe7bb8
Adds shared/filter_subnav partial to DRY filters
2015-09-02 13:39:27 +02:00
kikito
ebacc8c9c7
Uses has_filters in all controllers with filters & renames @filter to @current_filter
2015-09-02 13:21:46 +02:00
Alberto Garcia Cabeza
da0c937983
Adds new texts for admin and moderation pages
2015-08-31 21:49:36 +02:00
kikito
a7929c607d
adds a helper to simplify the way selects and filters are rendered
2015-08-28 20:07:45 +02:00
kikito
cd982768f2
Renames the "archive" action to "ignore_flag" (+)
* archived_at -> ignored_flag_at
* archived? -> ignored_flag?
* archive -> ignore_flag
* pending -> pending_flag_review
* archived (scope) -> with_ignored_flag
* I18n changes
2015-08-27 11:43:58 +02:00
kikito
909dfb4ce3
Several renamings
InappropiateFlag -> Flag
x.flag_as_inappropiate -> x.flag
x.undo_flag_as_inappropiate -> x.unflag
X.flagged_as_inappropiate -> x.flagged
flag-as-inappropiate-actions views & css -> flag-actions views & css
2015-08-27 10:48:49 +02:00