Commit Graph

8 Commits

Author SHA1 Message Date
Javi Martín
6b1864fbcd Sanitize translations instead of using _html
Using the `_html` suffix in an i18n key is the same as using `html_safe`
on it, which means that translation could potentially be used for XSS
attacks.
2019-10-09 19:46:47 +02:00
Javi Martín
928312e218 Use sanitize in translations with links
Sometimes we're interpolating a link inside a translation, and marking
the whole translation as HTML safe.

However, some translations added by admins to the database or through
crowdin are not entirely under our control.

Although AFAIK crowdin checks for potential cross-site scripting
attacks, it's a good practice to sanitize parts of a string potentially
out of our control before marking the string as HTML safe.
2019-10-08 18:46:21 +02:00
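The two commit messages above describe the same hazard from two angles: a key ending in `_html` makes Rails return the whole translation `html_safe`, so any markup an admin or a Crowdin contributor put into that string reaches the page unescaped, and the fix is to neutralise the untrusted text before trusting it. The following is an added, self-contained Ruby illustration, not code from this repository: it emulates I18n's `_html` handling and `link_to` with a small `SafeBuffer` stand-in, uses a constructed translation string as the attacker-controlled input, and uses `ERB::Util.html_escape` in place of Rails' allowlist-based `sanitize` helper (an assumption made to keep it dependency-free; the real helper would preserve harmless tags such as `<b>`). Key names and the `callout_*` helpers are hypothetical.

```ruby
require "erb"

# Minimal stand-in for ActiveSupport::SafeBuffer: a String that remembers it
# has been marked HTML-safe. Plain Strings answer false to html_safe?.
class String
  def html_safe?
    false
  end

  def html_safe
    SafeBuffer.new(self)
  end
end

class SafeBuffer < String
  def html_safe?
    true
  end
end

# Constructed translation text, standing in for a string edited by an admin in
# the database or submitted through Crowdin (assumption: attacker-influenced).
UNTRUSTED_TEXT = "Sign in <script>alert(1)</script> or %{signup_link}"
TRANSLATIONS = { "callout_html" => UNTRUSTED_TEXT, "callout" => UNTRUSTED_TEXT }.freeze

# I18n-style %{name} interpolation; unknown placeholders are left untouched.
def interpolate(text, values)
  text.gsub(/%\{(\w+)\}/) { |m| values.fetch(Regexp.last_match(1).to_sym, m).to_s }
end

# Emulates Rails' handling of _html keys: the translation itself is returned
# html_safe, and only interpolation values that are not already safe are escaped.
def translate(key, **values)
  text = TRANSLATIONS.fetch(key)
  return interpolate(text, values) unless key.end_with?("_html")

  escaped = values.transform_values { |v| v.html_safe? ? v : ERB::Util.html_escape(v) }
  interpolate(text, escaped).html_safe
end

# Emulates link_to: both the href and the link text are escaped, result is safe.
def link_to(text, href)
  %(<a href="#{ERB::Util.html_escape(href)}">#{ERB::Util.html_escape(text)}</a>).html_safe
end

# BEFORE: the _html key trusts the whole translation, so the injected <script>
# is shipped to the browser verbatim.
def callout_unsafe
  translate("callout_html", signup_link: link_to("Sign up", "/users/sign_up"))
end

# AFTER: neutralise the part we do not control first, then interpolate our own
# trusted link, and only then mark the combined string safe.
def callout_hardened
  neutralised = ERB::Util.html_escape(translate("callout"))
  interpolate(neutralised, signup_link: link_to("Sign up", "/users/sign_up")).html_safe
end
```

Run `callout_unsafe` and `callout_hardened` side by side: both are `html_safe?`, but only the first still contains `<script>alert(1)</script>`, while the hardened version renders it as `&lt;script&gt;...` and keeps the `<a href="/users/sign_up">` link intact. The order of operations is the whole point: escaping after interpolation would also mangle the trusted link, and marking safe before escaping is exactly what the `_html` suffix does.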
Javi Martín
f8bd3d4f39 Extract links to signin and signup to methods 2019-10-05 14:07:24 +02:00
Javi Martín
78c6f6f7e9 Use the same key for "signin" and "signup" texts
We were using the same texts in several places
2019-10-05 14:07:23 +02:00
Julian Herrero
f6489bc604 Use double quotes in app/views 2019-03-19 12:33:07 +01:00
decabeza
bc1679550b Remove incoming polls filter 2019-02-08 14:28:19 +01:00
decabeza
f2220c6a06 adds missing condition on polls callout partial 2017-10-04 17:18:01 +02:00
Alberto Garcia Cabeza
ba9ed83a3a separates answerable questions and moves callout to a partial 2016-12-26 17:22:40 +01:00