Don't check ERB Lint ErbSafety in files using raw
We're excluding these files because they use `raw` to render content that only administrators can edit, and we trust administrators not to provide unsafe HTML. We should definitely sanitize them at some point but, at the same time, we should also try to keep compatibility in installations taking advantage of `raw`. Also note that ERB Lint does not allow customizing the severity of a linter; if it ever does, we'll use the severity rule instead of excluding files.
@@ -9,6 +9,16 @@ linters:
|
||||
enabled: true
|
||||
ErbSafety:
|
||||
enabled: true
|
||||
exclude:
|
||||
- app/components/budgets/investments/content_blocks_component.html.erb
|
||||
- app/components/layout/footer_component.html.erb
|
||||
- app/components/layout/social_component.html.erb
|
||||
- app/components/layout/subnavigation_component.html.erb
|
||||
- app/components/layout/top_links_component.html.erb
|
||||
- app/views/admin/site_customization/content_blocks/index.html.erb
|
||||
- app/views/layouts/application.html.erb
|
||||
- app/views/layouts/dashboard.html.erb
|
||||
- app/views/layouts/devise.html.erb
|
||||
ExtraNewline:
|
||||
enabled: true
|
||||
FinalNewline:
|
||||
|
||||
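Review bot: the `exclude:` list under `ErbSafety` switches the check off for each listed file as a whole, including the three layouts (`app/views/layouts/application.html.erb`, `dashboard.html.erb` and `devise.html.erb`), so any unsafe output added to those files later is skipped too, not only the existing `raw` calls. The YAML itself carries no comment explaining the exclusions; consider adding one above `exclude:` that records the trust assumption from the commit message (the content is editable only by administrators) and that entries should be removed as the content gets sanitized, so the list is reviewed rather than silently extended. Since the exclusion is per file, it is also worth confirming in review that each listed template still calls `raw` only on administrator-edited content.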