Sometimes we're interpolating a link inside a translation and marking the whole translation as HTML safe. However, some translations added by admins to the database or through Crowdin are not entirely under our control. Although AFAIK Crowdin checks for potential cross-site scripting attacks, it's good practice to sanitize the parts of a string that are potentially out of our control before marking the string as HTML safe.
<% if has_banners? %>
<%= render "shared/banner" %>
<% end %>
<% provide :title do %><%= t("budgets.index.title") %><% end %>
<% content_for :canonical do %>
<%= render "shared/canonical", href: budgets_url %>
<% end %>
<% if current_budget.present? %>
<div id="budget_heading" class="expanded budget no-margin-top">
<div class="row" data-equalizer data-equalizer-on="medium">
<div class="small-12 medium-9 column padding" data-equalizer-watch>
<h1><%= current_budget.name %></h1>
<div class="description">
<%= auto_link_already_sanitized_html(current_budget.description) %>
</div>
<p>
<%= link_to t("budgets.index.section_header.help"), "#section_help" %>
</p>
</div>
<div class="small-12 medium-3 column info padding" data-equalizer-watch>
<p>
<strong><%= t("budgets.show.phase") %></strong>
</p>
<h2><%= t("budgets.phase.#{current_budget.phase}") %></h2>
<%= link_to t("budgets.index.section_header.all_phases"), "#all_phases" %>
<% if current_budget.accepting? %>
<% if current_user %>
<% if current_user.level_two_or_three_verified? %>
<%= link_to t("budgets.investments.index.sidebar.create"),
new_budget_investment_path(current_budget),
class: "button margin-top expanded" %>
<% else %>
<div class="callout warning margin-top">
<%= sanitize(t("budgets.investments.index.sidebar.verified_only",
verify: link_to_verify_account)) %>
</div>
<% end %>
<% else %>
<div class="callout primary margin-top">
<%= sanitize(t("budgets.investments.index.sidebar.not_logged_in",
sign_in: link_to_signin, sign_up: link_to_signup)) %>
</div>
<% end %>
<% end %>
<% if can?(:read_results, current_budget) %>
<%= link_to t("budgets.show.see_results"),
budget_results_path(current_budget, heading_id: current_budget.headings.first),
class: "button margin-top expanded" %>
<% end %>
</div>
</div>
</div>
<div id="budget_info" class="budget-info">
<div class="row margin-top">
<div class="small-12 column">
<div id="groups_and_headings" class="groups-and-headings">
<% current_budget.groups.each do |group| %>
<h2 id="<%= group.name.parameterize %>"><%= group.name %></h2>
<ul class="no-bullet" data-equalizer data-equalizer-on="medium">
<% group.headings.sort_by_name.each do |heading| %>
<li class="heading small-12 medium-4 large-2" data-equalizer-watch>
<% unless current_budget.informing? || current_budget.finished? %>
<%= link_to budget_investments_path(current_budget.id,
heading_id: heading.id) do %>
<%= heading_name_and_price_html(heading, current_budget) %>
<% end %>
<% else %>
<div class="heading-name">
<%= heading_name_and_price_html(heading, current_budget) %>
</div>
<% end %>
</li>
<% end %>
</ul>
<% end %>
</div>
<% unless current_budget.informing? %>
<div class="map inline">
<h3><%= t("budgets.index.map") %></h3>
<%= render_map(nil, "budgets", false, nil, @budgets_coordinates) %>
</div>
<ul class="no-bullet margin-top">
<% show_links = show_links_to_budget_investments(current_budget) %>
<% if show_links %>
<li>
<%= link_to budget_path(current_budget) do %>
<small><%= t("budgets.index.investment_proyects") %></small>
<% end %>
</li>
<% end %>
<li>
<%= link_to budget_path(current_budget, filter: "unfeasible") do %>
<small><%= t("budgets.index.unfeasible_investment_proyects") %></small>
<% end %>
</li>
<% if show_links %>
<li>
<%= link_to budget_path(current_budget, filter: "unselected") do %>
<small><%= t("budgets.index.not_selected_investment_proyects") %></small>
<% end %>
</li>
<% end %>
</ul>
<% end %>
<div id="all_phases">
<h2><%= t("budgets.index.all_phases") %></h2>
<%= render "phases", budget: current_budget %>
</div>
</div>
</div>
<% if @finished_budgets.present? %>
<%= render "finished", budgets: @finished_budgets %>
<% end %>
</div>
<% else %>
<div class="expanded budget no-margin-top margin-bottom">
<div class="row">
<div class="small-12 medium-9 column padding">
<h1><%= t("budgets.index.title") %></h1>
</div>
</div>
</div>
<div class="row">
<div class="small-12 column">
<div class="callout primary">
<%= t("budgets.index.empty_budgets") %>
</div>
</div>
</div>
<% end %>
<div class="row">
<div class="small-12 column">
<div id="section_help" class="margin" data-magellan-target="section_help">
<p class="lead">
<strong><%= t("budgets.index.section_footer.title") %></strong>
</p>
<p><%= t("budgets.index.section_footer.description") %></p>
</div>
</div>
</div>
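Review bot: The two `sanitize(t(...))` calls in the sidebar (the `verified_only` and `not_logged_in` callouts) sanitize the interpolated link helpers together with the translation, so any attribute those helpers emit outside Rails' default safe-list (for example `data-*` or `id`; `href` and `class` are kept) is silently dropped — worth confirming against the rendered output of `link_to_verify_account`, `link_to_signin` and `link_to_signup`, since the helpers are not visible here. The reason for the wrapper is not obvious at the call site and is the kind of thing a later cleanup removes; a short ERB comment at the first call would protect it, e.g. `<%# translation text can come from admins or Crowdin: sanitize before it is marked html_safe %>`. A view spec that renders this sidebar with a translation containing a `<script>` element and asserts it is stripped would pin the behaviour. The `current_budget.description` rendered through `auto_link_already_sanitized_html` higher in the file is also admin-supplied content; it is outside this change, but the same reasoning applies there.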