consul/nairobi
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Use raw instead of html_safe

Browse Source 
They do the exact same thing; however `html_safe` might confuse
developers into thinking it will make the HTML safe. Using `raw` makes
it clear that we're inserting the text without escaping it.
This commit is contained in:
Javi Martín
2019-10-06 16:22:01 +02:00
parent 9eee79f218
commit 89402bdbf6
7 changed files with 12 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
app/helpers/text_with_links_helper.rb
View File

@@ -10,7 +10,7 @@ module TextWithLinksHelper
return if html.nil? return if html.nil?
raise "Could not add links because the content is not safe" unless html.html_safe? raise "Could not add links because the content is not safe" unless html.html_safe?
Rinku.auto_link(html, :all, 'target="_blank" rel="nofollow"').html_safe raw Rinku.auto_link(html, :all, 'target="_blank" rel="nofollow"')
end end
def simple_format_no_tags_no_sanitize(html) def simple_format_no_tags_no_sanitize(html)

4
app/views/admin/site_customization/content_blocks/index.html.erb
View File

@@ -32,7 +32,7 @@
<% @content_blocks.each do |content_block| %> <% @content_blocks.each do |content_block| %>
<tr id="<%= dom_id(content_block) %>"> <tr id="<%= dom_id(content_block) %>">
<td><%= link_to "#{content_block.name} (#{content_block.locale})", edit_admin_site_customization_content_block_path(content_block) %></td> <td><%= link_to "#{content_block.name} (#{content_block.locale})", edit_admin_site_customization_content_block_path(content_block) %></td>
<td><%= content_block.body.html_safe %></td> <td><%= raw content_block.body %></td>
<td> <td>
<%= link_to t("admin.site_customization.content_blocks.index.delete"), <%= link_to t("admin.site_customization.content_blocks.index.delete"),
admin_site_customization_content_block_path(content_block), admin_site_customization_content_block_path(content_block),
@@ -43,7 +43,7 @@
<% @headings_content_blocks.each do |content_block| %> <% @headings_content_blocks.each do |content_block| %>
<tr id="<%= dom_id(content_block) %>"> <tr id="<%= dom_id(content_block) %>">
<td><%= link_to "#{content_block.heading.name} (#{content_block.locale})", admin_site_customization_edit_heading_content_block_path(content_block) %></td> <td><%= link_to "#{content_block.heading.name} (#{content_block.locale})", admin_site_customization_edit_heading_content_block_path(content_block) %></td>
<td><%= content_block.body.html_safe %></td> <td><%= raw content_block.body %></td>
<td> <td>
<%= link_to t("admin.site_customization.content_blocks.index.delete"), <%= link_to t("admin.site_customization.content_blocks.index.delete"),
admin_site_customization_delete_heading_content_block_path(content_block.id), admin_site_customization_delete_heading_content_block_path(content_block.id),

2
app/views/comments/_form.html.erb
View File

@@ -1,7 +1,7 @@
<% valuation = local_assigns.fetch(:valuation, false) %> <% valuation = local_assigns.fetch(:valuation, false) %>
<% cache [locale_and_user_status, parent_id, commentable_cache_key(commentable), valuation] do %> <% cache [locale_and_user_status, parent_id, commentable_cache_key(commentable), valuation] do %>
<% css_id = parent_or_commentable_dom_id(parent_id, commentable) %> <% css_id = parent_or_commentable_dom_id(parent_id, commentable) %>
<div id="js-comment-form-<%= css_id %>" <%= "style='display:none'".html_safe if toggeable %> class="comment-form"> <div id="js-comment-form-<%= css_id %>" <%= raw("style='display:none'") if toggeable %> class="comment-form">
<%= form_for Comment.new, remote: true do |f| %> <%= form_for Comment.new, remote: true do |f| %>
<%= f.text_area :body, <%= f.text_area :body,
id: "comment-body-#{css_id}", id: "comment-body-#{css_id}",

4
app/views/layouts/application.html.erb
View File

@@ -11,10 +11,10 @@
type: "image/png" %> type: "image/png" %>
<%= content_for :social_media_meta_tags %> <%= content_for :social_media_meta_tags %>
<%= setting["html.per_page_code_head"].try(:html_safe) %> <%= raw setting["html.per_page_code_head"] %>
</head> </head>
<body class="<%= yield (:body_class) %>"> <body class="<%= yield (:body_class) %>">
<%= setting["html.per_page_code_body"].try(:html_safe) %> <%= raw setting["html.per_page_code_body"] %>
<h1 class="show-for-sr"><%= setting["org_name"] %></h1> <h1 class="show-for-sr"><%= setting["org_name"] %></h1>

4
app/views/layouts/dashboard.html.erb
View File

@@ -18,10 +18,10 @@
type: "image/png" %> type: "image/png" %>
<%= content_for :social_media_meta_tags %> <%= content_for :social_media_meta_tags %>
<%= setting["per_page_code_head"].try(:html_safe) %> <%= raw setting["per_page_code_head"] %>
</head> </head>
<body class="proposal-dashboard"> <body class="proposal-dashboard">
<%= setting["per_page_code_body"].try(:html_safe) %> <%= raw setting["per_page_code_body"] %>
<h1 class="show-for-sr"><%= setting["org_name"] %></h1> <h1 class="show-for-sr"><%= setting["org_name"] %></h1>

4
app/views/layouts/devise.html.erb
View File

@@ -3,11 +3,11 @@
<head> <head>
<%= render "layouts/common_head", default_title: "Gobierno abierto" %> <%= render "layouts/common_head", default_title: "Gobierno abierto" %>
<%= render "layouts/meta_tags" %> <%= render "layouts/meta_tags" %>
<%= setting["html.per_page_code_head"].try(:html_safe) %> <%= raw setting["html.per_page_code_head"] %>
</head> </head>
<body class="auth-page"> <body class="auth-page">
<%= setting["html.per_page_code_body"].try(:html_safe) %> <%= raw setting["html.per_page_code_body"] %>
<div class="wrapper"> <div class="wrapper">
<div class="auth-image small-12 medium-3 column"> <div class="auth-image small-12 medium-3 column">
<h1 class="logo margin"> <h1 class="logo margin">

4
app/views/layouts/proposals_dashboard.html.erb
View File

@@ -18,10 +18,10 @@
type: "image/png" %> type: "image/png" %>
<%= content_for :social_media_meta_tags %> <%= content_for :social_media_meta_tags %>
<%= setting["per_page_code_head"].try(:html_safe) %> <%= raw setting["per_page_code_head"] %>
</head> </head>
<body class="proposal-dashboard"> <body class="proposal-dashboard">
<%= setting["per_page_code_body"].try(:html_safe) %> <%= raw setting["per_page_code_body"] %>
<h1 class="show-for-sr"><%= setting["org_name"] %></h1> <h1 class="show-for-sr"><%= setting["org_name"] %></h1>