nairobi/app/views/budgets/ballot/_ballot.html.erb
Javi Martín 61bf9a5c73 Use sanitize instead of html_safe
The difference is that `html_safe` marks the whole string as trusted and outputs it unescaped, so every HTML tag — including `<script>` — goes through, while `sanitize` strips any tag or attribute that is not on its safe allowlist. In this case, we want to allow a `<span>` tag in a translation, and links inside flash messages.
2019-10-08 18:46:21 +02:00


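<%# Ballot summary partial: lists the investments the user has voted for, one column per budget group, %>
<%# followed by a column for each group the user has not voted in yet. %>
<%# Reads @ballot, @budget and @ballot_referer from the rendering controller. %>
<div class="expanded budget no-margin-top padding">
  <div class="row">
    <%# NOTE(review): @ballot_referer is used as a link target. If it is derived from the Referer header, %>
    <%# back_link_to must restrict it to in-app paths to avoid an open redirect — confirm in the helper. %>
    <%= back_link_to @ballot_referer %>
    <h1 class="text-center"><%= t("budgets.ballots.show.title") %></h1>
    <div class="small-12 medium-8 column small-centered text-center">
      <h2>
        <%# The _html key is rendered unescaped by Rails i18n; only the interpolated count is escaped, %>
        <%# and it is an integer here, so nothing user-controlled reaches the markup. %>
        <%= t("budgets.ballots.show.voted_html",
              count: @ballot.investments.count) %>
      </h2>
      <p class="confirmed">
        <%= t("budgets.ballots.show.voted_info") %>
      </p>
      <p><%= t("budgets.ballots.show.voted_info_2") %></p>
    </div>
  </div>
</div>
<div class="row ballot">
  <% ballot_groups = @ballot.groups.sort_by_name %>
  <% ballot_groups.each do |group| %>
    <% heading = @ballot.heading_for_group(group) %>
    <div id="<%= dom_id(group) %>" class="small-12 medium-6 column end">
      <div class="margin-top ballot-content">
        <div class="subtitle">
          <h3>
            <%# group.name and heading.name are HTML-escaped by ERB like any other <%= %> output. %>
            <%= group.name %> - <%= heading.name %>
          </h3>
          <%# sanitize (not html_safe) so the translation may carry a <span> while anything outside the %>
          <%# allowlist, e.g. <script>, is stripped; the interpolated amount passes through the same filter. %>
          <%# Assumes formatted_amount_available returns an application-generated string — verify if the %>
          <%# translation key can be edited by admins. %>
          <%= link_to sanitize(t("budgets.ballots.show.remaining",
                                 amount: @ballot.formatted_amount_available(heading))),
                      budget_group_path(@budget, group) %>
        </div>
        <% if @ballot.has_lines_in_group?(group) %>
          <h4 class="amount-spent text-right">
            <%= t("budgets.ballots.show.amount_spent") %>
            <span>
              <%= @ballot.formatted_amount_spent(heading) %>
            </span>
          </h4>
        <% else %>
          <p>
            <%= t("budgets.ballots.show.zero") %><br>
          </p>
        <% end %>
        <ul class="ballot-list">
          <%= render partial: "budgets/ballot/investment",
                     collection: @ballot.investments.by_group(group.id) %>
        </ul>
      </div>
    </div>
  <% end %>
  <%# Groups with no ballot lines yet still get a column, with a link into the group. %>
  <% no_balloted_groups = @budget.groups.sort_by_name - ballot_groups %>
  <% no_balloted_groups.each do |group| %>
    <div id="<%= dom_id(group) %>" class="small-12 medium-6 column end">
      <div class="margin-top ballot-content">
        <div class="subtitle">
          <h3>
            <%= group.name %>
          </h3>
          <%= link_to t("budgets.ballots.show.no_balloted_group_yet"), budget_group_path(@budget, group) %>
        </div>
      </div>
    </div>
  <% end %>
</div>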