nairobi/app/views/comments/_votes.html.erb
Javi Martín 928312e218 Use sanitize in translations with links
Sometimes we're interpolating a link inside a translation, and marking
the whole translation as HTML safe.

However, some translations added by admins to the database or through
crowdin are not entirely under our control.

Although AFAIK crowdin checks for potential cross-site scripting
attacks, it's a good practice to sanitize parts of a string potentially
out of our control before marking the string as HTML safe.
2019-10-08 18:46:21 +02:00


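<%# Vote counts and like/dislike controls for a single comment. %>
<%# The controls are rendered twice: once for signed-in users and once, inside a %>
<%# "participation-allowed" wrapper, for anonymous visitors, who additionally get %>
<%# a hidden "participation-not-allowed" message carrying sign-in/sign-up links. %>
<div class="votes">
  <% if user_signed_in? %>
    <%= t("comments.comment.votes", count: comment.total_votes) %>
    &nbsp;|&nbsp;
    <span class="in_favor">
      <% if can?(:vote, comment) %>
        <%= link_to vote_comment_path(comment, value: "yes"),
                    method: "post", remote: true, title: t("votes.agree") do %>
          <span class="icon-like">
            <span class="show-for-sr"><%= t("votes.agree") %></span>
          </span>
        <% end %>
      <% else %>
        <%= link_to new_user_session_path do %>
          <span class="icon-like">
            <span class="show-for-sr"><%= t("votes.agree") %></span>
          </span>
        <% end %>
      <% end %>
      <%= comment.total_likes %>
    </span>
    <span class="against">
      <% if can?(:vote, comment) %>
        <%= link_to vote_comment_path(comment, value: "no"),
                    method: "post", remote: true, title: t("votes.disagree") do %>
          <span class="icon-unlike">
            <span class="show-for-sr"><%= t("votes.disagree") %></span>
          </span>
        <% end %>
      <% else %>
        <%# NOTE(review): unlike the "in_favor" fallback above and the anonymous %>
        <%# branch below, this icon is not wrapped in a sign-in link; confirm intended. %>
        <span class="icon-unlike">
          <span class="show-for-sr"><%= t("votes.disagree") %></span>
        </span>
      <% end %>
      <%= comment.total_dislikes %>
    </span>
  <% else %>
    <%# Anonymous visitor. A plain `else` suffices: once the branch above is %>
    <%# skipped, `!user_signed_in?` can only be true, so re-testing it is redundant. %>
    <div class="participation-allowed">
      <%= t("comments.comment.votes", count: comment.total_votes) %>
      &nbsp;|&nbsp;
      <span class="in_favor">
        <% if can?(:vote, comment) %>
          <%= link_to vote_comment_path(comment, value: "yes"),
                      method: "post", remote: true, title: t("votes.agree") do %>
            <span class="icon-like">
              <span class="show-for-sr"><%= t("votes.agree") %></span>
            </span>
          <% end %>
        <% else %>
          <%= link_to new_user_session_path do %>
            <span class="icon-like">
              <span class="show-for-sr"><%= t("votes.agree") %></span>
            </span>
          <% end %>
        <% end %>
        <%= comment.total_likes %>
      </span>
      <span class="against">
        <% if can?(:vote, comment) %>
          <%= link_to vote_comment_path(comment, value: "no"),
                      method: "post", remote: true, title: t("votes.disagree") do %>
            <span class="icon-unlike">
              <span class="show-for-sr"><%= t("votes.disagree") %></span>
            </span>
          <% end %>
        <% else %>
          <%= link_to new_user_session_path do %>
            <span class="icon-unlike">
              <span class="show-for-sr"><%= t("votes.disagree") %></span>
            </span>
          <% end %>
        <% end %>
        <%= comment.total_dislikes %>
      </span>
    </div>
    <%# Hidden by default; presumably toggled client-side — confirm against the JS %>
    <%# that swaps these two blocks (note it ships with aria-hidden="false"). %>
    <%# The translation text may be edited by admins or come from Crowdin, i.e. it %>
    <%# is not fully under our control, so the interpolated result goes through %>
    <%# sanitize before it is marked HTML safe: script/event-handler markup is %>
    <%# stripped, while the anchors link_to_signin/link_to_signup presumably %>
    <%# produce are kept by the default safe list. %>
    <div class="participation-not-allowed" style="display:none" aria-hidden="false">
      <%= sanitize(t("votes.comment_unauthenticated", signin: link_to_signin, signup: link_to_signup)) %>
    </div>
  <% end %>
</div>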