From 6b1864fbcd4e588373d928596f6fc1ffff7ec00d Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Javi=20Mart=C3=ADn?= Date: Sun, 6 Oct 2019 00:03:50 +0200 Subject: [PATCH] Sanitize translations instead of using `_html` Using the `_html` suffix in an i18n key is the same as using `html_safe` on it, which means that translation could potentially be used for XSS attacks. --- app/helpers/globalize_helper.rb | 2 +- .../_filters_description.html.erb | 12 ++++----- .../legislation/draft_versions/_form.html.erb | 4 +-- app/views/admin/newsletters/new.html.erb | 4 +-- app/views/admin/organizations/index.html.erb | 2 +- .../site_customization/pages/_form.html.erb | 2 +- app/views/budgets/ballot/_ballot.html.erb | 3 +-- .../budgets/investments/_header.html.erb | 4 +-- .../investments/_investment_detail.erb | 6 ++--- .../investments/_investment_show.html.erb | 6 ++--- .../budgets/investments/_sidebar.html.erb | 8 +++--- app/views/budgets/investments/index.html.erb | 4 +-- .../budgets/stats/_advanced_stats.html.erb | 2 +- app/views/dashboard/mailer/forward.html.erb | 2 +- app/views/dashboard/mailing/index.html.erb | 2 +- app/views/dashboard/poster/index.html.erb | 4 +-- app/views/dashboard/poster/index.pdf.erb | 4 +-- app/views/debates/index.html.erb | 4 ++- app/views/devise/confirmations/show.html.erb | 2 +- .../documents/_nested_documents.html.erb | 2 +- .../budget_investment_unfeasible.html.erb | 4 +-- app/views/mailer/comment.html.erb | 3 ++- .../mailer/direct_message_for_sender.html.erb | 4 +-- app/views/mailer/email_verification.html.erb | 8 +++--- app/views/mailer/evaluation_comment.html.erb | 6 ++++- app/views/mailer/reply.html.erb | 3 ++- app/views/management/proposals/index.html.erb | 4 ++- .../management/user_invites/create.html.erb | 2 +- app/views/management/users/show.html.erb | 4 +-- .../registrations/success.html.erb | 6 ++--- app/views/polls/_callout.html.erb | 4 +-- app/views/proposals/created.html.erb | 2 +- app/views/proposals/index.html.erb | 4 ++- .../shared/_common_globalize_locales.html.erb | 6 ++--- app/views/shared/_errors.html.erb 
| 2 +- .../users/registrations/success.html.erb | 4 +-- .../_dossier_detail.html.erb | 4 ++- .../budget_investments/_dossier_form.html.erb | 2 +- app/views/verification/letter/show.html.erb | 2 +- app/views/verification/residence/new.html.erb | 2 +- app/views/verification/sms/new.html.erb | 2 +- config/locales/en/admin.yml | 12 ++++----- config/locales/en/budgets.yml | 22 ++++++++-------- config/locales/en/devise_views.yml | 12 ++++----- config/locales/en/documents.yml | 2 +- config/locales/en/general.yml | 18 ++++++------- config/locales/en/mailers.yml | 14 +++++----- config/locales/en/management.yml | 6 ++--- config/locales/en/stats.yml | 2 +- config/locales/en/valuation.yml | 2 +- config/locales/en/verification.yml | 6 ++--- config/locales/es/admin.yml | 12 ++++----- config/locales/es/budgets.yml | 26 +++++++++---------- config/locales/es/devise_views.yml | 12 ++++----- config/locales/es/documents.yml | 2 +- config/locales/es/general.yml | 18 ++++++------- config/locales/es/mailers.yml | 14 +++++----- config/locales/es/management.yml | 6 ++--- config/locales/es/stats.yml | 2 +- config/locales/es/valuation.yml | 2 +- config/locales/es/verification.yml | 6 ++--- spec/shared/features/followable.rb | 4 +-- 62 files changed, 185 insertions(+), 172 deletions(-) diff --git a/app/helpers/globalize_helper.rb b/app/helpers/globalize_helper.rb index e7531e690..5b1fd508c 100644 --- a/app/helpers/globalize_helper.rb +++ b/app/helpers/globalize_helper.rb @@ -64,7 +64,7 @@ module GlobalizeHelper end def selected_languages_description(resource) - t("shared.translations.languages_in_use_html", count: active_languages_count(resource)) + sanitize(t("shared.translations.languages_in_use", count: active_languages_count(resource))) end def select_language_error(resource) diff --git a/app/views/admin/budget_investments/_filters_description.html.erb b/app/views/admin/budget_investments/_filters_description.html.erb index 2cc56a31e..5732388f8 100644 
--- a/app/views/admin/budget_investments/_filters_description.html.erb +++ b/app/views/admin/budget_investments/_filters_description.html.erb @@ -1,16 +1,16 @@ <% if params[:filter].present? && params[:advanced_filters].present? %> -

<%= t("#{i18n_namespace}.filters.two_filters_html", +

<%= sanitize(t("#{i18n_namespace}.filters.two_filters", filter: t("#{i18n_namespace}.filters.#{params[:filter]}"), - advanced_filters: budget_investments_advanced_filters(params[:advanced_filters])) %>

+ advanced_filters: budget_investments_advanced_filters(params[:advanced_filters]))) %>

<% elsif params[:filter].present? %> -

<%= t("#{i18n_namespace}.filters.one_filter_html", - filter: t("#{i18n_namespace}.filters.#{params[:filter]}")) %>

+

<%= sanitize(t("#{i18n_namespace}.filters.one_filter", + filter: t("#{i18n_namespace}.filters.#{params[:filter]}"))) %>

<% elsif params[:advanced_filters].present? %> -

<%= t("#{i18n_namespace}.filters.one_filter_html", - filter: budget_investments_advanced_filters(params[:advanced_filters])) %>

+

<%= sanitize(t("#{i18n_namespace}.filters.one_filter", + filter: budget_investments_advanced_filters(params[:advanced_filters]))) %>

<% end %> diff --git a/app/views/admin/legislation/draft_versions/_form.html.erb b/app/views/admin/legislation/draft_versions/_form.html.erb index 938a7c282..a3997775e 100644 --- a/app/views/admin/legislation/draft_versions/_form.html.erb +++ b/app/views/admin/legislation/draft_versions/_form.html.erb @@ -36,9 +36,9 @@
- <%= t("admin.legislation.draft_versions.form.title_html", + <%= sanitize(t("admin.legislation.draft_versions.form.title", draft_version_title: @draft_version.title, - process_title: @process.title) %> + process_title: @process.title)) %>
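Review bot: `@draft_version.title` and `@process.title` are now interpolated without escaping, because the translation helper only HTML-escapes interpolation arguments for `_html` keys and the suffix has been dropped. `sanitize` then strips scripts and event handlers, but unless the application narrows its allowlist, any permitted tag in the value (links, images, emphasis) is still rendered, and a legitimate `<` or `&` in a value gets rewritten. Escaping each dynamic argument before interpolation keeps the earlier behaviour, e.g. `draft_version_title: html_escape(@draft_version.title),` and `process_title: html_escape(@process.title))) %>`. The same applies to later hunks that interpolate citizen- or request-supplied values: `location` and `organization_name` in `_investment_detail.erb`, `params[:search]` and `@search_terms` in the index views, the author and receiver names in the mailer templates, and `@user.password` / `@user.email` in `management/users/show.html.erb`.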
diff --git a/app/views/admin/newsletters/new.html.erb b/app/views/admin/newsletters/new.html.erb index 1c58eaf44..f46ceb704 100644 --- a/app/views/admin/newsletters/new.html.erb +++ b/app/views/admin/newsletters/new.html.erb @@ -1,9 +1,9 @@ <%= back_link_to %>

<%= t("admin.newsletters.new.title") %>

- <%= t("admin.newsletters.new.header_footer_help_text_html", + <%= sanitize(t("admin.newsletters.new.header_footer_help_text", link: link_to(t("admin.newsletters.new.image_link"), - admin_site_customization_images_path)) %> + admin_site_customization_images_path))) %>

<%= render "form" %> diff --git a/app/views/admin/organizations/index.html.erb b/app/views/admin/organizations/index.html.erb index 9b3d3249f..7970fde46 100644 --- a/app/views/admin/organizations/index.html.erb +++ b/app/views/admin/organizations/index.html.erb @@ -67,7 +67,7 @@ <% if hidden > 0 %>
- <%= t("admin.organizations.index.hidden_count_html", count: hidden) %> + <%= sanitize(t("admin.organizations.index.hidden_count", count: hidden)) %>
<% end %> diff --git a/app/views/admin/site_customization/pages/_form.html.erb b/app/views/admin/site_customization/pages/_form.html.erb index 58fca5627..72be1eacf 100644 --- a/app/views/admin/site_customization/pages/_form.html.erb +++ b/app/views/admin/site_customization/pages/_form.html.erb @@ -32,7 +32,7 @@
<%= f.text_field :slug, size: 80, maxlength: 80, - hint: t("admin.site_customization.pages.new.slug_help_html") %> + hint: sanitize(t("admin.site_customization.pages.new.slug_help")) %>
diff --git a/app/views/budgets/ballot/_ballot.html.erb b/app/views/budgets/ballot/_ballot.html.erb index c29a2b4f0..cd70aea12 100644 --- a/app/views/budgets/ballot/_ballot.html.erb +++ b/app/views/budgets/ballot/_ballot.html.erb @@ -6,8 +6,7 @@

- <%= t("budgets.ballots.show.voted_html", - count: @ballot.investments.count) %> + <%= sanitize(t("budgets.ballots.show.voted", count: @ballot.investments.count)) %>

<%= t("budgets.ballots.show.voted_info") %> diff --git a/app/views/budgets/investments/_header.html.erb b/app/views/budgets/investments/_header.html.erb index e46e2d287..a5c63f160 100644 --- a/app/views/budgets/investments/_header.html.erb +++ b/app/views/budgets/investments/_header.html.erb @@ -36,8 +36,8 @@

- <%= t("budgets.investments.header.different_heading_assigned_html", - heading_link: heading_link(@assigned_heading, @budget)) %> + <%= sanitize(t("budgets.investments.header.different_heading_assigned", + heading_link: heading_link(@assigned_heading, @budget))) %>
<%= sanitize(t("budgets.investments.header.change_ballot", diff --git a/app/views/budgets/investments/_investment_detail.erb b/app/views/budgets/investments/_investment_detail.erb index 3e9098d8f..90838e9d2 100644 --- a/app/views/budgets/investments/_investment_detail.erb +++ b/app/views/budgets/investments/_investment_detail.erb @@ -19,7 +19,7 @@ <%= render_image(investment.image, :large, true) if investment.image.present? %>

- <%= t("budgets.investments.show.code_html", code: investment.id) %> + <%= sanitize(t("budgets.investments.show.code", code: investment.id)) %>

<%= auto_link_already_sanitized_html investment.description %> @@ -32,13 +32,13 @@ <% if investment.location.present? %>

- <%= t("budgets.investments.show.location_html", location: investment.location) %> + <%= sanitize(t("budgets.investments.show.location", location: investment.location)) %>

<% end %> <% if investment.organization_name.present? %>

- <%= t("budgets.investments.show.organization_name_html", name: investment.organization_name) %> + <%= sanitize(t("budgets.investments.show.organization_name", name: investment.organization_name)) %>

<% end %> diff --git a/app/views/budgets/investments/_investment_show.html.erb b/app/views/budgets/investments/_investment_show.html.erb index 7c9dfa2c2..98d18e655 100644 --- a/app/views/budgets/investments/_investment_show.html.erb +++ b/app/views/budgets/investments/_investment_show.html.erb @@ -75,7 +75,7 @@ <% if investment.unfeasible? && investment.valuation_finished? %>
- <%= t("budgets.investments.show.project_unfeasible_html") %> + <%= sanitize(t("budgets.investments.show.project_unfeasible")) %>
<% elsif investment.winner? && @budget.finished? %>
@@ -83,11 +83,11 @@
<% elsif investment.selected? %>
- <%= t("budgets.investments.show.project_selected_html") %> + <%= sanitize(t("budgets.investments.show.project_selected")) %>
<% elsif @budget.balloting_or_later? %>
- <%= t("budgets.investments.show.project_not_selected_html") %> + <%= sanitize(t("budgets.investments.show.project_not_selected")) %>
<% else %>
diff --git a/app/views/budgets/investments/_sidebar.html.erb b/app/views/budgets/investments/_sidebar.html.erb index b962db9e4..823c23a89 100644 --- a/app/views/budgets/investments/_sidebar.html.erb +++ b/app/views/budgets/investments/_sidebar.html.erb @@ -40,16 +40,16 @@ <% if @ballot.investments.by_heading(@heading.id).count > 0 %>

- <%= t("budgets.investments.index.sidebar.voted_html", + <%= sanitize(t("budgets.investments.index.sidebar.voted", count: @ballot.investments.by_heading(@heading.id).count, - amount_spent: @ballot.formatted_amount_spent(@heading)) %> + amount_spent: @ballot.formatted_amount_spent(@heading))) %>

<% elsif @assigned_heading.present? %>

- <%= t("budgets.investments.index.sidebar.different_heading_assigned_html", + <%= sanitize(t("budgets.investments.index.sidebar.different_heading_assigned", heading_link: heading_link(@assigned_heading, @budget) - ) %> + )) %>
<%= sanitize(t("budgets.investments.index.sidebar.change_ballot", diff --git a/app/views/budgets/investments/index.html.erb b/app/views/budgets/investments/index.html.erb index f1e53520b..d167cf53a 100644 --- a/app/views/budgets/investments/index.html.erb +++ b/app/views/budgets/investments/index.html.erb @@ -28,9 +28,9 @@

<%= t("shared.search_results") %>

<%= page_entries_info @investments %> - <%= t("budgets.investments.index.search_results_html", + <%= sanitize(t("budgets.investments.index.search_results", count: @investments.size, - search_term: params[:search]) %> + search_term: params[:search])) %>

diff --git a/app/views/budgets/stats/_advanced_stats.html.erb b/app/views/budgets/stats/_advanced_stats.html.erb index dfd424fc8..f8026f216 100644 --- a/app/views/budgets/stats/_advanced_stats.html.erb +++ b/app/views/budgets/stats/_advanced_stats.html.erb @@ -34,7 +34,7 @@ <%= t("stats.budgets.heading") %> - <%= t("stats.budgets.investments_sent_html") %> + <%= sanitize(t("stats.budgets.investments_sent")) %> <% stats.all_phases.each do |phase| %> diff --git a/app/views/dashboard/mailer/forward.html.erb b/app/views/dashboard/mailer/forward.html.erb index 33d5ec841..f3f25fe12 100644 --- a/app/views/dashboard/mailer/forward.html.erb +++ b/app/views/dashboard/mailer/forward.html.erb @@ -8,7 +8,7 @@ <%= image_tag "quote_before_white.png", style: "max-width: 40px; vertical-align: top;" %>

<%= @proposal.title %>

<%= image_tag "quote_after_white.png", style: "max-width: 40px; vertical-align: top;" %> -

<%= t("dashboard.mailer.forward.subtitle_html") %>

+

<%= sanitize(t("dashboard.mailer.forward.subtitle")) %>

diff --git a/app/views/dashboard/mailing/index.html.erb b/app/views/dashboard/mailing/index.html.erb index a5c55534c..850fee3fa 100644 --- a/app/views/dashboard/mailing/index.html.erb +++ b/app/views/dashboard/mailing/index.html.erb @@ -5,7 +5,7 @@ <%= image_tag "quote_before_white.png" %>

<%= proposal.title %>

<%= image_tag "quote_after_white.png" %> -

<%= t("dashboard.mailer.forward.subtitle_html") %>

+

<%= sanitize(t("dashboard.mailer.forward.subtitle")) %>

diff --git a/app/views/dashboard/poster/index.html.erb b/app/views/dashboard/poster/index.html.erb index 4ddb02fce..7cdfb2faa 100644 --- a/app/views/dashboard/poster/index.html.erb +++ b/app/views/dashboard/poster/index.html.erb @@ -10,7 +10,7 @@ <%= t("dashboard.poster.index.poster_subtitle") %>

- <%= t("dashboard.poster.index.intro_text_html", org: Setting["org_name"]) %> + <%= sanitize(t("dashboard.poster.index.intro_text", org: Setting["org_name"])) %>

@@ -29,7 +29,7 @@

<%= proposal.title %>

<%= image_tag "quote_after_blue.png" %>
diff --git a/app/views/dashboard/poster/index.pdf.erb b/app/views/dashboard/poster/index.pdf.erb index 13d434379..220bb462e 100644 --- a/app/views/dashboard/poster/index.pdf.erb +++ b/app/views/dashboard/poster/index.pdf.erb @@ -16,7 +16,7 @@

- <%= t("dashboard.poster.index.intro_text_html", org: Setting["org_name"]) %> + <%= sanitize(t("dashboard.poster.index.intro_text", org: Setting["org_name"])) %>

<%= t("dashboard.poster.index.proposal_code", code: proposal.code) %> @@ -34,7 +34,7 @@

<%= proposal.title %>

<%= wicked_pdf_image_tag "quote_after_blue.png" %>
diff --git a/app/views/debates/index.html.erb b/app/views/debates/index.html.erb index d4920644b..a1991937e 100644 --- a/app/views/debates/index.html.erb +++ b/app/views/debates/index.html.erb @@ -18,7 +18,9 @@

<%= page_entries_info @debates %> <% if !@advanced_search_terms %> - <%= t("debates.index.search_results_html", count: @debates.size, search_term: @search_terms) %> + <%= sanitize( + t("debates.index.search_results", count: @debates.size, search_term: @search_terms) + ) %> <% end %>

<% elsif @tag_filter %> diff --git a/app/views/devise/confirmations/show.html.erb b/app/views/devise/confirmations/show.html.erb index 82df09b06..b6c7d5729 100644 --- a/app/views/devise/confirmations/show.html.erb +++ b/app/views/devise/confirmations/show.html.erb @@ -1,7 +1,7 @@ <% provide :title do %><%= t("devise_views.confirmations.show.title") %><% end %>

<%= t("devise_views.confirmations.show.title") %>

-

<%= t("devise_views.confirmations.show.instructions_html", email: resource.email) %>

+

<%= sanitize(t("devise_views.confirmations.show.instructions", email: resource.email)) %>

<%= form_for(resource, as: resource_name, diff --git a/app/views/documents/_nested_documents.html.erb b/app/views/documents/_nested_documents.html.erb index 239a77de4..10bedfa9a 100644 --- a/app/views/documents/_nested_documents.html.erb +++ b/app/views/documents/_nested_documents.html.erb @@ -18,6 +18,6 @@ } %>
"> - <%= t "documents.max_documents_allowed_reached_html" %> + <%= sanitize(t("documents.max_documents_allowed_reached")) %>
diff --git a/app/views/mailer/budget_investment_unfeasible.html.erb b/app/views/mailer/budget_investment_unfeasible.html.erb index 80ee3ccc5..e31f59b7a 100644 --- a/app/views/mailer/budget_investment_unfeasible.html.erb +++ b/app/views/mailer/budget_investment_unfeasible.html.erb @@ -9,9 +9,9 @@

- <%= t("mailers.budget_investment_unfeasible.new_html", + <%= sanitize(t("mailers.budget_investment_unfeasible.new", url: link_to(t("mailers.budget_investment_unfeasible.new_href"), - new_budget_investment_url(@investment.budget), style: "color: #2895F1; text-decoration: underline;")) %> + new_budget_investment_url(@investment.budget), style: "color: #2895F1; text-decoration: underline;"))) %>
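Review bot: The `link_to` in this hunk carries an inline `style:` attribute, and its output now passes through `sanitize`, whose default attribute allowlist in Rails does not include `style`. Unless the application extends that allowlist elsewhere, the link in the delivered e-mail loses its colour and underline. Either permit the attribute for this call, e.g. `sanitize(t(...), attributes: %w[href style])`, or render the link outside the sanitized string. A mailer spec that asserts the rendered `style` would catch the regression.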

diff --git a/app/views/mailer/comment.html.erb b/app/views/mailer/comment.html.erb index c0bd1c8f0..c4e7d1354 100644 --- a/app/views/mailer/comment.html.erb +++ b/app/views/mailer/comment.html.erb @@ -9,7 +9,8 @@

- <%= t("mailers.comment.new_comment_by_html", commenter: @comment.author.name) %> <%= link_to @commentable.title, commentable_url(@commentable), style: "color: #2895F1; text-decoration:none;" %> + <%= sanitize(t("mailers.comment.new_comment_by", commenter: @comment.author.name)) %> + <%= link_to @commentable.title, commentable_url(@commentable), style: "color: #2895F1; text-decoration:none;" %>

diff --git a/app/views/mailer/direct_message_for_sender.html.erb b/app/views/mailer/direct_message_for_sender.html.erb index 89124ab7b..cb2d9080a 100644 --- a/app/views/mailer/direct_message_for_sender.html.erb +++ b/app/views/mailer/direct_message_for_sender.html.erb @@ -1,8 +1,8 @@

- <%= t("mailers.direct_message_for_sender.title_html", - receiver: @direct_message.receiver.name) %> + <%= sanitize(t("mailers.direct_message_for_sender.title", + receiver: @direct_message.receiver.name)) %>

diff --git a/app/views/mailer/email_verification.html.erb b/app/views/mailer/email_verification.html.erb index 406398ade..a7b7e94dc 100644 --- a/app/views/mailer/email_verification.html.erb +++ b/app/views/mailer/email_verification.html.erb @@ -4,16 +4,16 @@

- <%= t("mailers.email_verification.instructions_html", + <%= sanitize(t("mailers.email_verification.instructions", verification_link: link_to( t("mailers.email_verification.click_here_to_verify"), - email_url(email_verification_token: @token))) %> + email_url(email_verification_token: @token)))) %>

- <%= t("mailers.email_verification.instructions_2_html", + <%= sanitize(t("mailers.email_verification.instructions_2", document_type: humanize_document_type(@document_type), - document_number: @document_number) %> + document_number: @document_number)) %>

<%= t("mailers.email_verification.thanks") %> diff --git a/app/views/mailer/evaluation_comment.html.erb b/app/views/mailer/evaluation_comment.html.erb index 85c842818..4feafc181 100644 --- a/app/views/mailer/evaluation_comment.html.erb +++ b/app/views/mailer/evaluation_comment.html.erb @@ -9,7 +9,11 @@

- <%= t("mailers.evaluation_comment.new_comment_by_html", commenter: @email.comment.author.name, investment: valuation_comments_link(@email.commentable)) %> + <%= sanitize(t( + "mailers.evaluation_comment.new_comment_by", + commenter: @email.comment.author.name, + investment: valuation_comments_link(@email.commentable) + )) %>

<%= t("mailers.evaluation_comment.commenter_info", commenter: @email.comment.author.name, time: l(@email.comment.created_at)) %> diff --git a/app/views/mailer/reply.html.erb b/app/views/mailer/reply.html.erb index d53815249..38419aacf 100644 --- a/app/views/mailer/reply.html.erb +++ b/app/views/mailer/reply.html.erb @@ -9,7 +9,8 @@

- <%= t("mailers.reply.new_reply_by_html", commenter: @email.reply.author.name) %> <%= link_to @email.commentable.title, comment_url(@email.reply.id), style: "color: #2895F1; text-decoration:none;" %> + <%= sanitize(t("mailers.reply.new_reply_by", commenter: @email.reply.author.name)) %> + <%= link_to @email.commentable.title, comment_url(@email.reply.id), style: "color: #2895F1; text-decoration:none;" %>

diff --git a/app/views/management/proposals/index.html.erb b/app/views/management/proposals/index.html.erb index bf1b75a95..6ec7bd712 100644 --- a/app/views/management/proposals/index.html.erb +++ b/app/views/management/proposals/index.html.erb @@ -10,7 +10,9 @@ <% if @search_terms %>

<%= page_entries_info @proposals %> - <%= t("proposals.index.search_results_html", count: @proposals.size, search_term: @search_terms) %> + <%= sanitize( + t("proposals.index.search_results", count: @proposals.size, search_term: @search_terms) + ) %>

<% end %> diff --git a/app/views/management/user_invites/create.html.erb b/app/views/management/user_invites/create.html.erb index 701da0620..138c34856 100644 --- a/app/views/management/user_invites/create.html.erb +++ b/app/views/management/user_invites/create.html.erb @@ -4,6 +4,6 @@

<%= t("management.user_invites.create.title") %>

- <%= t("management.user_invites.create.success_html", count: @emails.count) %> + <%= sanitize(t("management.user_invites.create.success", count: @emails.count)) %>
diff --git a/app/views/management/users/show.html.erb b/app/views/management/users/show.html.erb index 380b7035a..ea7f758b4 100644 --- a/app/views/management/users/show.html.erb +++ b/app/views/management/users/show.html.erb @@ -1,7 +1,7 @@ <% if @user.email.blank? %> -

<%= t("management.users.autogenerated_password_html", password: @user.password) %>

+

<%= sanitize(t("management.users.autogenerated_password", password: @user.password)) %>

<% else %> -

<%= t("management.users.create_user_success_html", email: @user.email) %>

+

<%= sanitize(t("management.users.create_user_success", email: @user.email)) %>

<% end %> <%= render "management/user_permissions", diff --git a/app/views/organizations/registrations/success.html.erb b/app/views/organizations/registrations/success.html.erb index d526133bc..e4425b53a 100644 --- a/app/views/organizations/registrations/success.html.erb +++ b/app/views/organizations/registrations/success.html.erb @@ -1,7 +1,7 @@

<%= t("devise_views.organizations.registrations.success.title") %>

-

<%= t("devise_views.organizations.registrations.success.thank_you_html") %>

-

<%= t("devise_views.organizations.registrations.success.instructions_1_html") %>

-

<%= t("devise_views.organizations.registrations.success.instructions_2_html") %>

+

<%= sanitize(t("devise_views.organizations.registrations.success.thank_you")) %>

+

<%= sanitize(t("devise_views.organizations.registrations.success.instructions_1")) %>

+

<%= sanitize(t("devise_views.organizations.registrations.success.instructions_2")) %>

<%= t("devise_views.organizations.registrations.success.instructions_3") %>

<%= link_to t("devise_views.organizations.registrations.success.back_to_index"), diff --git a/app/views/polls/_callout.html.erb b/app/views/polls/_callout.html.erb index 19ff207da..5a837d0e3 100644 --- a/app/views/polls/_callout.html.erb +++ b/app/views/polls/_callout.html.erb @@ -7,8 +7,8 @@ <% elsif current_user.unverified? %>

- <%= t("polls.show.cant_answer_verify_html", - verify_link: link_to(t("polls.show.verify_link"), verification_path)) %> + <%= sanitize(t("polls.show.cant_answer_verify", + verify_link: link_to(t("polls.show.verify_link"), verification_path))) %>
<% elsif @poll.expired? %>
diff --git a/app/views/proposals/created.html.erb b/app/views/proposals/created.html.erb index 0f52cb96c..6dba6ab68 100644 --- a/app/views/proposals/created.html.erb +++ b/app/views/proposals/created.html.erb @@ -4,7 +4,7 @@

<%= t("proposals.created.title") %>

<%= t("proposals.created.motivation") %>

-

<%= t("proposals.created.motivation_2_html") %>

+

<%= sanitize(t("proposals.created.motivation_2")) %>

<% if can?(:dashboard, @proposal) %> <%= link_to t("proposals.created.dashboard"), diff --git a/app/views/proposals/index.html.erb b/app/views/proposals/index.html.erb index a83da2fc5..fb6256b72 100644 --- a/app/views/proposals/index.html.erb +++ b/app/views/proposals/index.html.erb @@ -24,7 +24,9 @@

<%= page_entries_info @proposals %> <% if !@advanced_search_terms %> - <%= t("proposals.index.search_results_html", count: @proposals.size, search_term: @search_terms) %> + <%= sanitize( + t("proposals.index.search_results", count: @proposals.size, search_term: @search_terms) + ) %> <% end %>

<% elsif @tag_filter %> diff --git a/app/views/shared/_common_globalize_locales.html.erb b/app/views/shared/_common_globalize_locales.html.erb index 43232b2b9..e48aef1e5 100644 --- a/app/views/shared/_common_globalize_locales.html.erb +++ b/app/views/shared/_common_globalize_locales.html.erb @@ -1,7 +1,7 @@

" - data-one-languages-description="<%= t("shared.translations.languages_in_use_html", count: 1) %>" - data-other-languages-description="<%= t("shared.translations.languages_in_use_html", count: 2) %>"> + data-zero-languages-description="<%= sanitize(t("shared.translations.languages_in_use", count: 0)) %>" + data-one-languages-description="<%= sanitize(t("shared.translations.languages_in_use", count: 1)) %>" + data-other-languages-description="<%= sanitize(t("shared.translations.languages_in_use", count: 2)) %>">
<%= selected_languages_description(resource) %> diff --git a/app/views/shared/_errors.html.erb b/app/views/shared/_errors.html.erb index 04de31885..010cee74a 100644 --- a/app/views/shared/_errors.html.erb +++ b/app/views/shared/_errors.html.erb @@ -10,7 +10,7 @@ <% if local_assigns[:message].present? %> <%= message %> <% else %> - <%= t("form.not_saved_html", resource: t("form.#{resource.class.to_s.underscore}")) %> + <%= sanitize(t("form.not_saved", resource: t("form.#{resource.class.to_s.underscore}"))) %> <% end %>
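Review bot: In `_common_globalize_locales.html.erb` the three `data-*-languages-description` values sit inside double-quoted attributes, and `sanitize` returns an html_safe string, so ERB does not attribute-escape it. A double quote in a translation, or in the attributes of an allowlisted tag the sanitizer keeps, would close the attribute early. Coercing the result back to a plain string lets ERB escape it for the attribute, while the browser still decodes it to the same markup: `data-zero-languages-description="<%= sanitize(t("shared.translations.languages_in_use", count: 0)).to_str %>"`, and likewise for the `one` and `other` lines. The element's opening tag is not visible in the hunk as shown, so this rests on the three attribute lines only.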
diff --git a/app/views/users/registrations/success.html.erb b/app/views/users/registrations/success.html.erb index e622aeabe..d733ad0c0 100644 --- a/app/views/users/registrations/success.html.erb +++ b/app/views/users/registrations/success.html.erb @@ -1,6 +1,6 @@

<%= t("devise_views.users.registrations.success.title") %>

-

<%= t("devise_views.users.registrations.success.thank_you_html") %>

-

<%= t("devise_views.users.registrations.success.instructions_1_html") %>

+

<%= sanitize(t("devise_views.users.registrations.success.thank_you")) %>

+

<%= sanitize(t("devise_views.users.registrations.success.instructions_1")) %>

<%= t("devise_views.users.registrations.success.instructions_2") %>

<%= link_to t("devise_views.users.registrations.success.back_to_index"), diff --git a/app/views/valuation/budget_investments/_dossier_detail.html.erb b/app/views/valuation/budget_investments/_dossier_detail.html.erb index 71ecad66e..dcfe8990c 100644 --- a/app/views/valuation/budget_investments/_dossier_detail.html.erb +++ b/app/views/valuation/budget_investments/_dossier_detail.html.erb @@ -13,7 +13,9 @@ <%= investment.unfeasibility_explanation.presence || "-" %>

- <%= t("valuation.budget_investments.edit.price_html", currency: budget.currency_symbol) %>: + + <%= sanitize(t("valuation.budget_investments.edit.price", currency: budget.currency_symbol)) %>: + <%= investment.price.presence || "-" %>

diff --git a/app/views/valuation/budget_investments/_dossier_form.html.erb b/app/views/valuation/budget_investments/_dossier_form.html.erb index 7e1b89801..a5229234d 100644 --- a/app/views/valuation/budget_investments/_dossier_form.html.erb +++ b/app/views/valuation/budget_investments/_dossier_form.html.erb @@ -41,7 +41,7 @@

<%= f.number_field :price, - label: t("valuation.budget_investments.edit.price_html", currency: budget.currency_symbol), + label: t("valuation.budget_investments.edit.price", currency: budget.currency_symbol), max: 1000000000000000 %>
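Review bot: The `valuation.budget_investments.edit.price` key is passed to `label:` bare here, while `_dossier_detail.html.erb` wraps the same key in `sanitize`, so the two call sites treat one string differently. If the translation still contains markup, the form label will show it as literal text; if it does not, the `sanitize` in the detail partial is unnecessary. A short comment above this call would record the intent, for example `<%# price label is plain text; the form builder escapes it %>`. The locale change for this key is outside the visible part of the patch, so which case applies cannot be confirmed from here.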
diff --git a/app/views/verification/letter/show.html.erb b/app/views/verification/letter/show.html.erb index 8fdc94075..75cc5811f 100644 --- a/app/views/verification/letter/show.html.erb +++ b/app/views/verification/letter/show.html.erb @@ -7,7 +7,7 @@

<%= t("verification.letter.edit.title") %>

- <%= t("verification.letter.create.flash.success_html") %> + <%= sanitize(t("verification.letter.create.flash.success")) %>
<%= link_to t("verification.letter.edit.see_all"), proposals_path, class: "button warning" %> diff --git a/app/views/verification/residence/new.html.erb b/app/views/verification/residence/new.html.erb index 8f6d453c6..a5eb574a2 100644 --- a/app/views/verification/residence/new.html.erb +++ b/app/views/verification/residence/new.html.erb @@ -54,7 +54,7 @@ <%= f.text_field :document_number, label: false %> diff --git a/app/views/verification/sms/new.html.erb b/app/views/verification/sms/new.html.erb index b69bef710..93d4cb531 100644 --- a/app/views/verification/sms/new.html.erb +++ b/app/views/verification/sms/new.html.erb @@ -27,7 +27,7 @@
<%= f.label :phone, t("verification.sms.new.phone"), class: "inline-block" %> - <%= t("verification.sms.new.phone_format_html") %> + <%= sanitize(t("verification.sms.new.phone_format")) %>

<%= t("verification.sms.new.phone_note") %>

<%= f.text_field :phone, label: false, placeholder: t("verification.sms.new.phone_placeholder"), diff --git a/config/locales/en/admin.yml b/config/locales/en/admin.yml index 6051d554b..3685fcb64 100644 --- a/config/locales/en/admin.yml +++ b/config/locales/en/admin.yml @@ -198,8 +198,8 @@ en: min_total_supports: Minimum supports max_total_supports: Maximum supports winners: Winners - one_filter_html: "Current applied filters: %{filter}" - two_filters_html: "Current applied filters: %{filter}, %{advanced_filters}" + one_filter: "Current applied filters: %{filter}" + two_filters: "Current applied filters: %{filter}, %{advanced_filters}" buttons: filter: Filter download_current_selection: "Download current selection" @@ -555,7 +555,7 @@ en: form: error: Error form: - title_html: 'Editing %{draft_version_title} from the process %{process_title}' + title: 'Editing %{draft_version_title} from the process %{process_title}' launch_text_editor: Launch text editor close_text_editor: Close text editor use_markdown: Use Markdown to format the text @@ -767,7 +767,7 @@ en: empty_newsletters: There are no newsletters to show new: title: New newsletter - header_footer_help_text_html: "The heading and footer are the same for all emails, you can modify them on app/views/layouts/mailer_header and app/views/layouts/mailer_footer.
You can replace header image on %{link}." + header_footer_help_text: "The heading and footer are the same for all emails, you can modify them on app/views/layouts/mailer_header and app/views/layouts/mailer_footer.
You can replace header image on %{link}." image_link: "custom images" edit: title: Edit newsletter @@ -1187,7 +1187,7 @@ en: pending: Pending rejected: Rejected verified: Verified - hidden_count_html: + hidden_count: one: There is also one organisation with no users or with a hidden user. other: There are %{count} organisations with no users or with a hidden user. name: Name @@ -1542,7 +1542,7 @@ en: see_page: See page new: title: Create new custom page - slug_help_html: "Text to identify this page on URL, for example https://consulproject.org/page-slug" + slug_help: "Text to identify this page on URL, for example https://consulproject.org/page-slug" page: created_at: Created at status: Status diff --git a/config/locales/en/budgets.yml b/config/locales/en/budgets.yml index ccdd6ec08..f3c5713b5 100644 --- a/config/locales/en/budgets.yml +++ b/config/locales/en/budgets.yml @@ -7,7 +7,7 @@ en: remaining: "You still have %{amount} to invest." no_balloted_group_yet: "You have not voted on this group yet, go vote!" remove: Remove vote - voted_html: + voted: one: "You have voted one investment." other: "You have voted %{count} investments." voted_info: "Your ballot is confirmed!" 
@@ -79,17 +79,17 @@ en: button: Search placeholder: Search investment projects... title: Search - search_results_html: + search_results: one: " containing the term '%{search_term}'" other: " containing the term '%{search_term}'" sidebar: my_ballot: My ballot - voted_html: + voted: one: "You voted one proposal with a cost of %{amount_spent}" other: "You voted %{count} proposals with a cost of %{amount_spent}" voted_info: You can %{link} at any time until the close of this phase. No need to spend all the money available. voted_info_link: change your vote - different_heading_assigned_html: "You have active votes in another heading: %{heading_link}" + different_heading_assigned: "You have active votes in another heading: %{heading_link}" change_ballot: "If your change your mind you can remove your votes in %{check_ballot} and start again." check_ballot_link: "check and confirm my ballot" zero: You have not voted any investment project in this group. @@ -109,9 +109,9 @@ en: author_deleted: User deleted price_explanation: Price explanation unfeasibility_explanation: Unfeasibility explanation - code_html: "Investment project code: %{code}" - location_html: "Location: %{location}" - organization_name_html: "Proposed on behalf of: %{name}" + code: "Investment project code: %{code}" + location: "Location: %{location}" + organization_name: "Proposed on behalf of: %{name}" share: Share title: Investment project supports: Supports 
@@ -120,10 +120,10 @@ en: comments_tab: Comments milestones_tab: Milestones author: Author - project_unfeasible_html: "This investment project has been marked as not feasible and will not go to balloting phase." - project_selected_html: "This investment project has been selected for balloting phase." + project_unfeasible: "This investment project has been marked as not feasible and will not go to balloting phase." + project_selected: "This investment project has been selected for balloting phase." project_winner: "Winning investment project" - project_not_selected_html: "This investment project has not been selected for balloting phase." + project_not_selected: "This investment project has not been selected for balloting phase." see_price_explanation: See price explanation wrong_price_format: Only integer numbers investment: @@ -141,7 +141,7 @@ en: give_support: Support header: check_ballot: Check and confirm my ballot - different_heading_assigned_html: "You have active votes in another heading: %{heading_link}" + different_heading_assigned: "You have active votes in another heading: %{heading_link}" change_ballot: "If your change your mind you can remove your votes in %{check_ballot} and start again." check_ballot_link: "check and confirm my ballot" price: "This heading has a budget of" diff --git a/config/locales/en/devise_views.yml b/config/locales/en/devise_views.yml index 2840069d7..d814dc55b 100644 --- a/config/locales/en/devise_views.yml +++ b/config/locales/en/devise_views.yml @@ -6,7 +6,7 @@ en: submit: Re-send instructions title: Re-send confirmation instructions show: - instructions_html: Confirming the account with email %{email} + instructions: Confirming the account with email %{email} new_password_confirmation_label: Repeat access password new_password_label: New access password please_set_password: Please choose your new pasword (it will allow you to login with the email above) 
@@ -50,10 +50,10 @@ en: title: Register as an organisation or collective success: back_to_index: I understand; go back to main page - instructions_1_html: "We will contact you soon to verify that you do in fact represent this collective." - instructions_2_html: While your email is reviewed, we have sent you a link to confirm your account. + instructions_1: "We will contact you soon to verify that you do in fact represent this collective." + instructions_2: While your email is reviewed, we have sent you a link to confirm your account. instructions_3: Once confirmed, you may begin to participate as an unverified collective. - thank_you_html: Thank you for registering your collective on the website. It is now pending verification. + thank_you: Thank you for registering your collective on the website. It is now pending verification. title: Registration of organisation / collective passwords: edit: @@ -123,7 +123,7 @@ en: username_note: Name that appears next to your posts success: back_to_index: I understand; go back to main page - instructions_1_html: Please check your email - we have sent you a link to confirm your account. + instructions_1: Please check your email - we have sent you a link to confirm your account. instructions_2: Once confirmed, you may begin participation. - thank_you_html: Thank you for registering for the website. You must now confirm your email address. + thank_you: Thank you for registering for the website. You must now confirm your email address. title: Confirm your email address diff --git a/config/locales/en/documents.yml b/config/locales/en/documents.yml index 62ab2ef24..d60fd5c9d 100644 --- a/config/locales/en/documents.yml +++ b/config/locales/en/documents.yml 
@@ -1,7 +1,7 @@ en: documents: title: Documents - max_documents_allowed_reached_html: You have reached the maximum number of documents allowed! You have to delete one before you can upload another. + max_documents_allowed_reached: You have reached the maximum number of documents allowed! You have to delete one before you can upload another. additional: Additional documentation form: title: Documents diff --git a/config/locales/en/general.yml b/config/locales/en/general.yml index 5c070f4e7..b08677ab4 100644 --- a/config/locales/en/general.yml +++ b/config/locales/en/general.yml @@ -116,7 +116,7 @@ en: button: Search placeholder: Search debates... title: Search - search_results_html: + search_results: one: " containing the term '%{search_term}'" other: " containing the term '%{search_term}'" select_order: Order by @@ -169,7 +169,7 @@ en: direct_message: private message error: error errors: errors - not_saved_html: "prevented this %{resource} from being saved.
Please check the marked fields to know how to correct them:" + not_saved: "prevented this %{resource} from being saved.
Please check the marked fields to know how to correct them:" policy: Privacy Policy proposal: Proposal proposal_notification: "Notification" @@ -302,7 +302,7 @@ en: created: title: Congratulations! You have taken the first step. motivation: "It is important to prepare the launch campaign for your proposal to be successful. The first few days are decisive." - motivation_2_html: "If you want recommendations to prepare the publishing leave your proposal as a draft and we will guide you." + motivation_2: "If you want recommendations to prepare the publishing leave your proposal as a draft and we will guide you." publish: No, I want to publish the proposal dashboard: Yes, I want help and I'll publish later preview_title: This is how your proposal will look when you publish it @@ -376,7 +376,7 @@ en: button: Search placeholder: Search proposals... title: Search - search_results_html: + search_results: one: " containing the term '%{search_term}'" other: " containing the term '%{search_term}'" select_order: Order by @@ -570,12 +570,12 @@ en: title: Poster preview poster_title: "Do not keep looking," poster_subtitle: "back me up! ;)" - intro_text_html: + intro_text: "I am participating in %{org} with my own citizen proposal and only if you also add you can I achieve the necessary support to make the city we all want." proposal_code: "Code of the proposal: %{code}" support: Support my proposal - footer_html: "Visit %{link} and support this proposal. We need to be many. Decide your too. Thank you!" + footer: "Visit %{link} and support this proposal. We need to be many. Decide your too. Thank you!" new: title: Poster of your proposal options: @@ -593,7 +593,7 @@ en: sent: The email has been sent mailer: forward: - subtitle_html: "If you support me,
we will achieve it." + subtitle: "If you support me,
we will achieve it." support_button: Support this proposal share_in: Share in hi: "Hello!" @@ -644,7 +644,7 @@ en: back: Back to voting cant_answer_not_logged_in: "You must %{signin} or %{signup} to participate." comments_tab: Comments - cant_answer_verify_html: "You must %{verify_link} in order to answer." + cant_answer_verify: "You must %{verify_link} in order to answer." verify_link: "verify your account" cant_answer_expired: "This poll has finished." cant_answer_wrong_geozone: "This question is not available on your geozone." @@ -805,7 +805,7 @@ en: select_language_prompt: Choose language remove_language: Remove language add_language: Add language - languages_in_use_html: + languages_in_use: zero: "0 languages in use" one: "1 language in use" other: "%{count} languages in use" diff --git a/config/locales/en/mailers.yml b/config/locales/en/mailers.yml index 37eb39582..ff891f27f 100644 --- a/config/locales/en/mailers.yml +++ b/config/locales/en/mailers.yml 
@@ -4,21 +4,21 @@ en: no_reply: "This message was sent from an email address that does not accept replies." comment: hi: Hi - new_comment_by_html: There is a new comment from %{commenter} + new_comment_by: There is a new comment from %{commenter} subject: Someone has commented on your %{commentable} title: New comment config: manage_email_subscriptions: To stop receiving these emails change your settings in email_verification: click_here_to_verify: this link - instructions_2_html: This email will verify your account with %{document_type} %{document_number}. If these don't belong to you, please don't click on the previous link and ignore this email. - instructions_html: To complete the verification of your user account you must click %{verification_link}. + instructions_2: This email will verify your account with %{document_type} %{document_number}. If these don't belong to you, please don't click on the previous link and ignore this email. + instructions: To complete the verification of your user account you must click %{verification_link}. subject: Confirm your email thanks: Thank you very much. title: Confirm your account using the following link reply: hi: Hi - new_reply_by_html: There is a new response from %{commenter} to your comment on + new_reply_by: There is a new response from %{commenter} to your comment on subject: Someone has responded to your comment title: New response to your comment proposal_notification_digest: @@ -35,7 +35,7 @@ en: unsubscribe_account: My account direct_message_for_sender: subject: "You have sent a new private message" - title_html: "You have sent a new private message to %{receiver} with the content:" + title: "You have sent a new private message to %{receiver} with the content:" user_invite: ignore: "If you have not requested this invitation don't worry, you can ignore this email." text: "Thank you for applying to join %{org}! In seconds you can start to participate, just fill the form below:" 
@@ -54,7 +54,7 @@ en: share: "Share your project" budget_investment_unfeasible: hi: "Dear user," - new_html: "For all these, we invite you to elaborate a new investment that adjusts to the conditions of this process. You can do it following this link: %{url}." + new: "For all these, we invite you to elaborate a new investment that adjusts to the conditions of this process. You can do it following this link: %{url}." new_href: "new investment project" sincerely: "Sincerely" sorry: "Sorry for the inconvenience and we again thank you for your invaluable participation." @@ -75,7 +75,7 @@ en: subject: "New evaluation comment" title: New evaluation comment for %{investment} hi: Hi - new_comment_by_html: There is a new evaluation comment from %{commenter} to the budget investment %{investment} + new_comment_by: There is a new evaluation comment from %{commenter} to the budget investment %{investment} commenter_info: "%{commenter}, %{time}:" new_actions_notification_rake_created: subject: "More news about your citizen proposal" diff --git a/config/locales/en/management.yml b/config/locales/en/management.yml index 775a1b93a..b617bcb74 100644 --- a/config/locales/en/management.yml +++ b/config/locales/en/management.yml 
@@ -112,8 +112,8 @@ en: create_user: Create a new account create_user_info: We will create an account with the following data create_user_submit: Create user - create_user_success_html: We have sent an email to the email address %{email} in order to verify that it belongs to this user. It contains a link they have to click. Then they will have to set their access password before being able to log in to the website - autogenerated_password_html: "Autogenerated password is %{password}, you can change it in the 'My account' section of the web" + create_user_success: We have sent an email to the email address %{email} in order to verify that it belongs to this user. It contains a link they have to click. Then they will have to set their access password before being able to log in to the website + autogenerated_password: "Autogenerated password is %{password}, you can change it in the 'My account' section of the web" email_optional_label: Email (optional) erased_notice: User account deleted. erased_by_manager: "Deleted by manager: %{manager}" @@ -128,5 +128,5 @@ en: submit: Send invitations title: Send invitations create: - success_html: %{count} invitations have been sent. + success: %{count} invitations have been sent. title: Send invitations diff --git a/config/locales/en/stats.yml b/config/locales/en/stats.yml index 0c0b41f70..8662fbde5 100644 --- a/config/locales/en/stats.yml +++ b/config/locales/en/stats.yml @@ -27,7 +27,7 @@ en: by_heading: "Participants by phase and heading" total: "Total" heading: "Heading" - investments_sent_html: "Investment proposals sent" + investments_sent: "Investment proposals sent" participants_support_phase: "Participants support phase" participants_vote_phase: "Participants voting phase" participants_every_phase: "Total participants" diff --git a/config/locales/en/valuation.yml b/config/locales/en/valuation.yml index caa4df28d..49565749e 100644 --- a/config/locales/en/valuation.yml +++ b/config/locales/en/valuation.yml 
@@ -56,7 +56,7 @@ en: preview: Investment preview edit: dossier: Dossier - price_html: "Price (%{currency})" + price: "Price (%{currency})" price_first_year: "Cost during the first year (%{currency}) (optional, data not public)" feasibility: Feasibility valuation_finished_alert: "Are you sure you want to mark this report as completed? If you do it, it can no longer be modified." diff --git a/config/locales/en/verification.yml b/config/locales/en/verification.yml index af82308e0..22057d67d 100644 --- a/config/locales/en/verification.yml +++ b/config/locales/en/verification.yml @@ -19,7 +19,7 @@ en: unconfirmed_code: You have not yet entered the confirmation code create: flash: - success_html: Thank you for requesting your maximum security code (only required for the final votes). In a few days we will send it to the address featuring in the data we have on file. Please remember that, if you prefer, you can collect your code from any of the Citizen Support Offices. + success: Thank you for requesting your maximum security code (only required for the final votes). In a few days we will send it to the address featuring in the data we have on file. Please remember that, if you prefer, you can collect your code from any of the Citizen Support Offices. edit: see_all: See proposals title: Letter requested @@ -49,7 +49,7 @@ en: accept_terms_text_title: I accept the terms and conditions of access of the Census document_number: Document number document_number_help_title: Help - document_number_help_text_html: "DNI: 12345678A
Passport: AAA000001
Residence card: X1234567P" + document_number_help_text: "DNI: 12345678A
Passport: AAA000001
Residence card: X1234567P" document_type: passport: Passport residence_card: Residence card @@ -73,7 +73,7 @@ en: title: Security code confirmation new: phone: Enter your mobile phone number to receive the code - phone_format_html: "(Example: 612345678 or +34612345678)" + phone_format: "(Example: 612345678 or +34612345678)" phone_note: We only use your phone to send you a code, never to contact you. phone_placeholder: "Example: 612345678 or +34612345678" submit_button: Send diff --git a/config/locales/es/admin.yml b/config/locales/es/admin.yml index 9cdd509aa..48ce63edf 100644 --- a/config/locales/es/admin.yml +++ b/config/locales/es/admin.yml @@ -198,8 +198,8 @@ es: min_total_supports: Apoyos mínimos max_total_supports: Apoyos máximos winners: Ganadores - one_filter_html: "Filtros en uso: %{filter}" - two_filters_html: "Filtros en uso: %{filter}, %{advanced_filters}" + one_filter: "Filtros en uso: %{filter}" + two_filters: "Filtros en uso: %{filter}, %{advanced_filters}" buttons: filter: Filtrar download_current_selection: "Descargar selección actual" @@ -554,7 +554,7 @@ es: form: error: Error form: - title_html: 'Editando %{draft_version_title} del proceso %{process_title}' + title: 'Editando %{draft_version_title} del proceso %{process_title}' launch_text_editor: Lanzar editor de texto close_text_editor: Cerrar editor de texto use_markdown: Usa Markdown para formatear el texto @@ -766,7 +766,7 @@ es: empty_newsletters: No hay newsletters para mostrar new: title: Nueva newsletter - header_footer_help_text_html: "El encabezado y pie son los mismos en todos los emails, puedes modificarlos en app/views/layouts/mailer_header y app/views/layouts/mailer_footer.
Puedes reemplazar la imagen del encabezado en %{link}." + header_footer_help_text: "El encabezado y pie son los mismos en todos los emails, puedes modificarlos en app/views/layouts/mailer_header y app/views/layouts/mailer_footer.
Puedes reemplazar la imagen del encabezado en %{link}." image_link: "personalizar imágenes" edit: title: Editar newsletter @@ -1186,7 +1186,7 @@ es: pending: Pendientes rejected: Rechazadas verified: Verificadas - hidden_count_html: + hidden_count: one: Hay además una organización sin usuario o con el usuario bloqueado. other: Hay %{count} organizaciones sin usuario o con el usuario bloqueado. name: Nombre @@ -1541,7 +1541,7 @@ es: see_page: Ver página new: title: Página nueva - slug_help_html: "Texto que identifica esta página en la URL, por ejemplo https://consulproject.org/slug-de-pagina" + slug_help: "Texto que identifica esta página en la URL, por ejemplo https://consulproject.org/slug-de-pagina" page: created_at: Creada status: Estado diff --git a/config/locales/es/budgets.yml b/config/locales/es/budgets.yml index a73292b76..e096dcc3b 100644 --- a/config/locales/es/budgets.yml +++ b/config/locales/es/budgets.yml @@ -7,7 +7,7 @@ es: remaining: "Te quedan %{amount} para invertir" no_balloted_group_yet: "Todavía no has votado proyectos de este grupo, ¡vota!" remove: Quitar voto - voted_html: + voted: one: "Has votado un proyecto." other: "Has votado %{count} proyectos." voted_info: "¡Tus votos están confirmados!" @@ -18,9 +18,9 @@ es: not_verified: Los proyectos de gasto sólo pueden ser apoyados por usuarios verificados, %{verify_account}. organization: Las organizaciones no pueden votar. not_selected: No se pueden votar proyectos inviables. - not_enough_money_html: "Ya has asignado el presupuesto disponible.
Recuerda que puedes %{change_ballot} en cualquier momento" + not_enough_money: "Ya has asignado el presupuesto disponible.
Recuerda que puedes %{change_ballot} en cualquier momento" no_ballots_allowed: El periodo de votación está cerrado. - different_heading_assigned_html: "Ya has votado proyectos de otra partida: %{heading_link}" + different_heading_assigned: "Ya has votado proyectos de otra partida: %{heading_link}" change_ballot: cambiar tus votos casted_offline: Ya has participado presencialmente groups: @@ -79,17 +79,17 @@ es: button: Buscar placeholder: Buscar proyectos de gasto... title: Buscar - search_results_html: + search_results: one: " que contiene '%{search_term}'" other: " que contienen '%{search_term}'" sidebar: my_ballot: Mis votos - voted_html: + voted: one: "Has votado un proyecto por un valor de %{amount_spent}" other: "Has votado %{count} proyectos por un valor de %{amount_spent}" voted_info: Puedes %{link} en cualquier momento hasta el cierre de esta fase. No hace falta que gastes todo el dinero disponible. voted_info_link: cambiar tus votos - different_heading_assigned_html: "Ya apoyaste proyectos de otra sección del presupuesto: %{heading_link}" + different_heading_assigned: "Ya apoyaste proyectos de otra sección del presupuesto: %{heading_link}" change_ballot: "Si cambias de opinión puedes borrar tus votos en %{check_ballot} y volver a empezar." check_ballot_link: "revisar y confirmar mis votos" zero: Todavía no has votado ningún proyecto de gasto en este ámbito del presupuesto. @@ -109,9 +109,9 @@ es: author_deleted: Usuario eliminado price_explanation: Informe de coste unfeasibility_explanation: Informe de inviabilidad - code_html: "Código proyecto de gasto: %{code}" - location_html: "Ubicación: %{location}" - organization_name_html: "Propuesto en nombre de: %{name}" + code: "Código proyecto de gasto: %{code}" + location: "Ubicación: %{location}" + organization_name: "Propuesto en nombre de: %{name}" share: Compartir title: Proyecto de gasto supports: Apoyos 
@@ -120,10 +120,10 @@ es: comments_tab: Comentarios milestones_tab: Seguimiento author: Autor - project_unfeasible_html: "Este proyecto de gasto ha sido marcado como inviable y no pasará a la fase de votación." - project_selected_html: "Este proyecto de gasto ha sido seleccionado para la fase de votación." + project_unfeasible: "Este proyecto de gasto ha sido marcado como inviable y no pasará a la fase de votación." + project_selected: "Este proyecto de gasto ha sido seleccionado para la fase de votación." project_winner: "Proyecto de gasto ganador" - project_not_selected_html: "Este proyecto de gasto no ha sido seleccionado para la fase de votación." + project_not_selected: "Este proyecto de gasto no ha sido seleccionado para la fase de votación." see_price_explanation: Ver informe de coste wrong_price_format: Solo puede incluir caracteres numéricos investment: @@ -141,7 +141,7 @@ es: give_support: Apoyar header: check_ballot: Revisar y confirmar mis votos - different_heading_assigned_html: "Ya apoyaste proyectos de otra sección del presupuesto: %{heading_link}" + different_heading_assigned: "Ya apoyaste proyectos de otra sección del presupuesto: %{heading_link}" change_ballot: "Si cambias de opinión puedes borrar tus votos en %{check_ballot} y volver a empezar." check_ballot_link: "revisar y confirmar mis votos" price: "Esta partida tiene un presupuesto de" diff --git a/config/locales/es/devise_views.yml b/config/locales/es/devise_views.yml index 5134b29e2..21c83d8d3 100644 --- a/config/locales/es/devise_views.yml +++ b/config/locales/es/devise_views.yml 
@@ -6,7 +6,7 @@ es: submit: Reenviar instrucciones title: Reenviar instrucciones de confirmación show: - instructions_html: Vamos a proceder a confirmar la cuenta con el email %{email} + instructions: Vamos a proceder a confirmar la cuenta con el email %{email} new_password_confirmation_label: Repite la clave de nuevo new_password_label: Nueva clave de acceso please_set_password: Por favor introduce una nueva clave de acceso para su cuenta (te permitirá hacer login con el email de más arriba) @@ -50,10 +50,10 @@ es: title: Registrarse como organización / colectivo success: back_to_index: Entendido, volver a la página principal - instructions_1_html: "En breve nos pondremos en contacto contigo para verificar que realmente representas a este colectivo." - instructions_2_html: Mientras revisa tu correo electrónico, te hemos enviado un enlace para confirmar tu cuenta. + instructions_1: "En breve nos pondremos en contacto contigo para verificar que realmente representas a este colectivo." + instructions_2: Mientras revisa tu correo electrónico, te hemos enviado un enlace para confirmar tu cuenta. instructions_3: Una vez confirmado, podrás empezar a participar como colectivo no verificado. - thank_you_html: Gracias por registrar tu colectivo en la web. Ahora está pendiente de verificación. + thank_you: Gracias por registrar tu colectivo en la web. Ahora está pendiente de verificación. title: Registro de organización / colectivo passwords: edit: 
@@ -123,7 +123,7 @@ es: username_note: Nombre público que aparecerá en tus publicaciones success: back_to_index: Entendido, volver a la página principal - instructions_1_html: Por favor revisa tu correo electrónico - te hemos enviado un enlace para confirmar tu cuenta. + instructions_1: Por favor revisa tu correo electrónico - te hemos enviado un enlace para confirmar tu cuenta. instructions_2: Una vez confirmado, podrás empezar a participar. - thank_you_html: Gracias por registrarte en la web. Ahora debes confirmar tu correo. + thank_you: Gracias por registrarte en la web. Ahora debes confirmar tu correo. title: Revisa tu correo diff --git a/config/locales/es/documents.yml b/config/locales/es/documents.yml index e85e373fe..88121ace3 100644 --- a/config/locales/es/documents.yml +++ b/config/locales/es/documents.yml @@ -1,7 +1,7 @@ es: documents: title: Documentos - max_documents_allowed_reached_html: '¡Has alcanzado el número máximo de documentos permitidos! Tienes que eliminar uno antes de poder subir otro.' + max_documents_allowed_reached: '¡Has alcanzado el número máximo de documentos permitidos! Tienes que eliminar uno antes de poder subir otro.' additional: Documentación adicional form: title: Documentos diff --git a/config/locales/es/general.yml b/config/locales/es/general.yml index 8fddb332e..4b2391528 100644 --- a/config/locales/es/general.yml +++ b/config/locales/es/general.yml @@ -116,7 +116,7 @@ es: button: Buscar placeholder: Buscar debates... title: Buscar - search_results_html: + search_results: one: " que contiene '%{search_term}'" other: " que contienen '%{search_term}'" select_order: Ordenar por @@ -169,7 +169,7 @@ es: direct_message: el mensaje privado error: error errors: errores - not_saved_html: "impidieron guardar %{resource}.
Por favor revisa los campos marcados para saber cómo corregirlos:" + not_saved: "impidieron guardar %{resource}.
Por favor revisa los campos marcados para saber cómo corregirlos:" policy: Política de privacidad proposal: la propuesta proposal_notification: "la notificación" @@ -302,7 +302,7 @@ es: created: title: '¡Enhorabuena! Has dado el primer paso.' motivation: "Es importante preparar la campaña de lanzamiento de tu propuesta para que tenga éxito. Los primeros días son decisivos." - motivation_2_html: "Si quieres recomendaciones para preparar la publicación deja tu propuesta como borrador y te guiaremos." + motivation_2: "Si quieres recomendaciones para preparar la publicación deja tu propuesta como borrador y te guiaremos." publish: No, quiero publicar la propuesta ya dashboard: Si, quiero ayuda y publicaré mas tarde preview_title: Así es como quedará tu propuesta cuando la publiques @@ -376,7 +376,7 @@ es: button: Buscar placeholder: Buscar propuestas... title: Buscar - search_results_html: + search_results: one: " que contiene '%{search_term}'" other: " que contienen '%{search_term}'" select_order: Ordenar por @@ -570,10 +570,10 @@ es: title: Previsualización del poster poster_title: "No te quedes mirando," poster_subtitle: "¡apóyame! ;)" - intro_text_html: "Estoy participando en %{org} con mi propia propuesta ciudadana y sólo si tú también te sumas podré lograr el apoyo necesario para hacer la ciudad que todos queremos." + intro_text: "Estoy participando en %{org} con mi propia propuesta ciudadana y sólo si tú también te sumas podré lograr el apoyo necesario para hacer la ciudad que todos queremos." proposal_code: "Código de la propuesta: %{code}" support: Apoya mi propuesta - footer_html: "Entra en %{link} y apoya esta propuesta. Necesitamos ser muchos. Decide tu también. ¡Gracias!" + footer: "Entra en %{link} y apoya esta propuesta. Necesitamos ser muchos. Decide tu también. ¡Gracias!" new: title: Póster de tu propuesta options: @@ -591,7 +591,7 @@ es: sent: El e-mail ha sido enviado mailer: forward: - subtitle_html: "Si me apoyas,
lo conseguiremos." + subtitle: "Si me apoyas,
lo conseguiremos." support_button: Apoyar esta propuesta share_in: Compartir en hi: "¡Hola!" @@ -642,7 +642,7 @@ es: back: Volver a votaciones cant_answer_not_logged_in: "Necesitas %{signin} o %{signup} para participar." comments_tab: Comentarios - cant_answer_verify_html: "Por favor %{verify_link} para poder responder." + cant_answer_verify: "Por favor %{verify_link} para poder responder." verify_link: "verifica tu cuenta" cant_answer_expired: "Esta votación ha terminado." cant_answer_wrong_geozone: "Esta votación no está disponible en tu zona." @@ -802,7 +802,7 @@ es: select_language_prompt: Seleccionar idioma remove_language: Eliminar idioma add_language: Añadir idioma - languages_in_use_html: + languages_in_use: zero: "0 idiomas en uso" one: "1 idioma en uso" other: "%{count} idiomas en uso" diff --git a/config/locales/es/mailers.yml b/config/locales/es/mailers.yml index 261f5f6be..13c2fd978 100644 --- a/config/locales/es/mailers.yml +++ b/config/locales/es/mailers.yml 
@@ -4,21 +4,21 @@ es: no_reply: "Este mensaje se ha enviado desde una dirección de correo electrónico que no admite respuestas." comment: hi: Hola - new_comment_by_html: Hay un nuevo comentario de %{commenter} en + new_comment_by: Hay un nuevo comentario de %{commenter} en subject: Alguien ha comentado en tu %{commentable} title: Nuevo comentario config: manage_email_subscriptions: Puedes dejar de recibir estos emails cambiando tu configuración en email_verification: click_here_to_verify: en este enlace - instructions_2_html: Este email es para verificar tu cuenta con %{document_type} %{document_number}. Si esos no son tus datos, por favor no pulses el enlace anterior e ignora este email. - instructions_html: Para terminar de verificar tu cuenta de usuario pulsa %{verification_link}. + instructions_2: Este email es para verificar tu cuenta con %{document_type} %{document_number}. Si esos no son tus datos, por favor no pulses el enlace anterior e ignora este email. + instructions: Para terminar de verificar tu cuenta de usuario pulsa %{verification_link}. subject: Verifica tu email thanks: Muchas gracias. title: Verifica tu cuenta con el siguiente enlace reply: hi: Hola - new_reply_by_html: Hay una nueva respuesta de %{commenter} a tu comentario en + new_reply_by: Hay una nueva respuesta de %{commenter} a tu comentario en subject: Alguien ha respondido a tu comentario title: Nueva respuesta a tu comentario proposal_notification_digest: 
@@ -35,7 +35,7 @@ es: unsubscribe_account: Mi cuenta direct_message_for_sender: subject: "Has enviado un nuevo mensaje privado" - title_html: "Has enviado un nuevo mensaje privado a %{receiver} con el siguiente contenido:" + title: "Has enviado un nuevo mensaje privado a %{receiver} con el siguiente contenido:" user_invite: ignore: "Si no has solicitado esta invitación no te preocupes, puedes ignorar este correo." text: "¡Gracias por solicitar unirte a %{org}! En unos segundos podrás empezar a participar, sólo tienes que rellenar el siguiente formulario:" @@ -54,7 +54,7 @@ es: share: "Comparte tu proyecto" budget_investment_unfeasible: hi: "Estimado/a usuario/a" - new_html: "Por todo ello, te invitamos a que elabores un nuevo proyecto de gasto que se ajuste a las condiciones de este proceso. Esto lo puedes hacer en este enlace: %{url}." + new: "Por todo ello, te invitamos a que elabores un nuevo proyecto de gasto que se ajuste a las condiciones de este proceso. Esto lo puedes hacer en este enlace: %{url}." new_href: "nuevo proyecto de gasto" sincerely: "Atentamente" sorry: "Sentimos las molestias ocasionadas y volvemos a darte las gracias por tu inestimable participación." @@ -75,7 +75,7 @@ es: subject: "Nuevo comentario de evaluación" title: Nuevo comentario de evaluación para %{investment} hi: Hola - new_comment_by_html: Hay un nuevo comentario de evaluación de %{commenter} en el presupuesto participativo %{investment} + new_comment_by: Hay un nuevo comentario de evaluación de %{commenter} en el presupuesto participativo %{investment} commenter_info: "%{commenter}, %{time}" new_actions_notification_rake_created: subject: "Más novedades de tu propuesta ciudadana" diff --git a/config/locales/es/management.yml b/config/locales/es/management.yml index 919be4acb..b6ee0acb7 100644 --- a/config/locales/es/management.yml +++ b/config/locales/es/management.yml 
@@ -112,8 +112,8 @@ es: create_user: Crear nueva cuenta de usuario create_user_info: Procedemos a crear un usuario con la siguiente información create_user_submit: Crear usuario - create_user_success_html: Hemos enviado un correo electrónico a %{email} para verificar que es suya. El correo enviado contiene un link que el usuario deberá pulsar. Entonces podrá seleccionar una clave de acceso, y entrar en la web de participación. - autogenerated_password_html: "Se ha asignado la contraseña %{password} a este usuario. Puede modificarla desde el apartado 'Mi cuenta' de la web." + create_user_success: Hemos enviado un correo electrónico a %{email} para verificar que es suya. El correo enviado contiene un link que el usuario deberá pulsar. Entonces podrá seleccionar una clave de acceso, y entrar en la web de participación. + autogenerated_password: "Se ha asignado la contraseña %{password} a este usuario. Puede modificarla desde el apartado 'Mi cuenta' de la web." email_optional_label: Email (recomendado pero opcional) erased_notice: Cuenta de usuario borrada. erased_by_manager: "Borrada por el manager: %{manager}" @@ -128,5 +128,5 @@ es: submit: Enviar invitaciones title: Enviar invitaciones create: - success_html: Se han enviado %{count} invitaciones. + success: Se han enviado %{count} invitaciones. title: Enviar invitaciones diff --git a/config/locales/es/stats.yml b/config/locales/es/stats.yml index a810beaf1..32830417d 100644 --- a/config/locales/es/stats.yml +++ b/config/locales/es/stats.yml @@ -26,7 +26,7 @@ es: by_heading: "Participantes por distritos y fase" total: "Total" heading: "Distrito" - investments_sent_html: "Propuestas
enviadas" + investments_sent: "Propuestas
enviadas" participants_support_phase: "Participantes fase apoyos" participants_vote_phase: "Participantes fase votación" participants_every_phase: "Total de participantes" diff --git a/config/locales/es/valuation.yml b/config/locales/es/valuation.yml index f6fbe8c89..1f5406961 100644 --- a/config/locales/es/valuation.yml +++ b/config/locales/es/valuation.yml @@ -56,7 +56,7 @@ es: preview: Vista previa de presupuesto edit: dossier: Informe - price_html: "Coste (%{currency}) (dato público)" + price: "Coste (%{currency}) (dato público)" price_first_year: "Coste en el primer año (%{currency}) (opcional, dato no público)" feasibility: Viabilidad valuation_finished_alert: "¿Estás seguro/a de querer marcar este informe como completado? Una vez hecho, no se puede deshacer la acción." diff --git a/config/locales/es/verification.yml b/config/locales/es/verification.yml index bd169c621..cce8722de 100644 --- a/config/locales/es/verification.yml +++ b/config/locales/es/verification.yml @@ -19,7 +19,7 @@ es: unconfirmed_code: Todavía no has introducido el código de confirmación create: flash: - success_html: Antes de las votaciones recibirás una carta con las instrucciones para verificar tu cuenta.
Recuerda que puedes ahorrar el envío verificándote presencialmente en cualquiera de las Oficinas de Atención al Ciudadano. + success: Antes de las votaciones recibirás una carta con las instrucciones para verificar tu cuenta.
Recuerda que puedes ahorrar el envío verificándote presencialmente en cualquiera de las Oficinas de Atención al Ciudadano. edit: see_all: Ver propuestas title: Carta solicitada @@ -49,7 +49,7 @@ es: accept_terms_text_title: Acepto los términos de acceso al Padrón document_number: Número de documento document_number_help_title: Ayuda - document_number_help_text_html: "DNI: 12345678A
Pasaporte: AAA000001
Tarjeta de residencia: X1234567P" + document_number_help_text: "DNI: 12345678A
Pasaporte: AAA000001
Tarjeta de residencia: X1234567P" document_type: passport: Pasaporte residence_card: Tarjeta de residencia @@ -73,7 +73,7 @@ es: title: SMS de confirmación new: phone: Introduce tu teléfono móvil para recibir el código - phone_format_html: "(Ejemplo: 612345678 ó +34612345678)" + phone_format: "(Ejemplo: 612345678 ó +34612345678)" phone_note: Sólo usaremos tu teléfono para enviarte un código, nunca te contactaremos. phone_placeholder: "Ejemplo: 612345678 ó +34612345678" submit_button: Enviar diff --git a/spec/shared/features/followable.rb b/spec/shared/features/followable.rb index 4fd19c29b..40b833236 100644 --- a/spec/shared/features/followable.rb +++ b/spec/shared/features/followable.rb @@ -56,7 +56,7 @@ shared_examples "followable" do |followable_class_name, followable_path, followa scenario "Should display new follower notice after user clicks on follow button", :js do user = create(:user) login_as(user) - create_notice_message = t("shared.followable.#{followable_class_name}.create.notice_html") + create_notice_message = t("shared.followable.#{followable_class_name}.create.notice") visit send(followable_path, arguments) within "##{dom_id(followable)}" do @@ -91,7 +91,7 @@ shared_examples "followable" do |followable_class_name, followable_path, followa scenario "Should display destroy follower notice after user clicks on unfollow button", :js do user = create(:user, followables: [followable]) login_as(user) - destroy_notice_message = t("shared.followable.#{followable_class_name}.destroy.notice_html") + destroy_notice_message = t("shared.followable.#{followable_class_name}.destroy.notice") visit send(followable_path, arguments) within "##{dom_id(followable)}" do