From b1b449b18741e661478f8810d5fa0b81d12c74d5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Javi=20Mart=C3=ADn?=
Date: Sun, 6 Oct 2019 16:01:40 +0200
Subject: [PATCH] Add rubocop and erb-lints rules for output safetey This way we make sure we won't add `html_safe` or `raw` calls in the future. I'm excluding `text_with_links_helpers` for this check, because in this situation the use of `html_safe` is justified: we check the original input is safe, and we're only adding link tags to raw URLs.
---
 .erb-lint.yml | 2 ++
 .rubocop_basic.yml | 6 ++++++
 2 files changed, 8 insertions(+)
diff --git a/.erb-lint.yml b/.erb-lint.yml
index 5f48c3355..e87a778f8 100644
--- a/.erb-lint.yml
+++ b/.erb-lint.yml
@@ -1,5 +1,7 @@
 ---
 linters:
+ ErbSafety:
+ enabled: true
 ExtraNewline:
 enabled: true
 FinalNewline:
diff --git a/.rubocop_basic.yml b/.rubocop_basic.yml
index a348f705b..ba3b32daa 100644
--- a/.rubocop_basic.yml
+++ b/.rubocop_basic.yml
@@ -160,6 +160,12 @@ Rails/Date:
 Rails/HttpPositionalArguments:
 Enabled: true
+Rails/OutputSafety:
+ Enabled: true
+ Severity: warning
+ Exclude:
+ - app/helpers/text_with_links_helper.rb
+
 Rails/PluralizationGrammar:
 Enabled: true
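Review bot: Enabling `ErbSafety` on its own may not cover what the commit message promises for templates. As far as I know this linter runs better-html's safety checks, which look at interpolation inside HTML attributes and `<script>` tags, so a `raw` or `html_safe` call in ordinary template text would likely still pass. If views are meant to be covered as well, erb-lint's `Rubocop` linter limited to `Rails/OutputSafety` would close that gap; whether the rest of `.erb-lint.yml` (outside this hunk) already configures it is not visible here. A short comment above the entry, such as `# Flags unsafe interpolation in attributes and script tags`, would record the scope for later readers.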
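Review bot: The `Exclude` entry under `Rails/OutputSafety` exempts all of `app/helpers/text_with_links_helper.rb`, so any `html_safe` or `raw` call added to that helper later is never reported. Scoping the exemption to the one justified call with an inline `# rubocop:disable Rails/OutputSafety`, plus a comment stating why the input is already safe at that point, keeps the cop active for the rest of the file. Also confirm that `Severity: warning` still fails the CI run at the fail level the project uses; if CI only fails on errors, new offences would be reported but not blocked.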