Javi Martín 6b1864fbcd Sanitize translations instead of using _html
Using the `_html` suffix in an i18n key is the same as calling `html_safe`
on it, which means the translation could potentially be used for XSS
attacks.
2019-10-09 19:46:47 +02:00


<%# Devise confirmation page: the visitor arriving from the confirmation link sets %>
<%# a password on the same screen. Every string comes from the i18n keys below; `t` %>
<%# returns a plain String, so ERB escapes it on output unless it is sanitized first. %>
<% provide :title, t("devise_views.confirmations.show.title") %>
<h1 class="text-center"><%= t("devise_views.confirmations.show.title") %></h1>
<%# The instructions translation goes through `sanitize` instead of being marked html_safe: %>
<%# it presumably carries markup and interpolates the user-supplied e-mail address, so the %>
<%# safe-list sanitizer strips any tag or attribute a crafted address could smuggle in. %>
<%# NOTE(review): if the translation only needs a tag or two, pass an explicit `tags:` list. %>
<p><%= sanitize(t("devise_views.confirmations.show.instructions", email: resource.email)) %></p>
<%# form_for emits the authenticity token, so the PATCH is CSRF-protected as long as the %>
<%# controller has forgery protection enabled. %>
<%= form_for resource, html: { method: :patch }, as: resource_name, url: update_user_confirmation_path do |form| %>
<p><%= t("devise_views.confirmations.show.please_set_password") %></p>
<%= render "shared/errors", resource: resource %>
<div class="row">
<div class="small-12 columns">
<%# `label:` is presumably consumed by a custom form builder; stock Rails would emit it as a %>
<%# plain HTML attribute — confirm against the builder in use. %>
<%= form.password_field :password, autofocus: true, label: t("devise_views.confirmations.show.new_password_label") %>
</div>
<div class="small-12 columns">
<%= form.password_field :password_confirmation, label: t("devise_views.confirmations.show.new_password_confirmation_label") %>
</div>
</div>
<%# The token from the confirmation link is echoed back so the update action can presumably %>
<%# look the account up again; hidden_field_tag HTML-escapes the value, so a tampered query %>
<%# parameter cannot break out of the attribute. %>
<%= hidden_field_tag :confirmation_token, params[:confirmation_token] %>
<div class="small-12 columns">
<%= form.submit t("devise_views.confirmations.show.submit"), class: "button expanded" %>
</div>
<% end %>
<%= render "devise/shared/links" %>