consul/nairobi
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
928312e2187e2369503a13056969fe5bff8e1483
nairobi/app/views/mailer/direct_message_for_receiver.html.erb
Javi Martín 928312e218 Use sanitize in translations with links 
Sometimes we're interpolating a link inside a translation, and marking
the whole translations as HTML safe.

However, some translations added by admins to the database or through
crowdin are not entirely under our control.

Although AFAIK crowdin checks for potential cross-site scripting
attacks, it's a good practice to sanitize parts of a string potentially
out of our control before marking the string as HTML safe.
2019-10-08 18:46:21 +02:00

38 lines
1.9 KiB
Plaintext
Raw Blame History

<td style="padding-bottom: 20px; padding-left: 10px;">
<h1 style="font-family: 'Open Sans','Helvetica Neue',arial,sans-serif;">
<%= @direct_message.title %>
</h1>
<div style="font-family: 'Open Sans','Helvetica Neue',arial,sans-serif;font-size: 14px;font-weight: normal;line-height: 24px;">
<%= simple_format sanitize_and_auto_link(@direct_message.body), {}, sanitize: false %>
</div>
<table style="width: 100%; border-top: 1px solid #DEE0E3; margin-top: 60px;">
<tbody>
<tr>
<td style="padding-bottom: 12px; padding-top: 24px; text-align: center;">
<%= link_to user_url(@direct_message.sender), style: "font-family: 'Open Sans','Helvetica Neue',arial,sans-serif; background: #f7f5f2; border-radius: 6px; color: #3d3d66!important; font-weight: bold; margin: 0px; padding: 10px 15px; text-align: center; text-decoration: none; min-width: 200px; display: inline-block;", target: "_blank" do %>
<%= image_tag("icon_mailer_reply.png", style: "border: 0; display: inline-block; width: 100%; max-width: 12px; vertical-align: sub;", alt: "") %>
<%= t("mailers.direct_message_for_receiver.reply",
sender: @direct_message.sender.name) %>
<% end %>
</td>
</tr>
</tbody>
</table>
<table style="width: 100%;">
<tbody>
<tr>
<td style="padding-left: 10px;">
<p style="font-family: 'Open Sans','Helvetica Neue',arial,sans-serif;font-size: 14px;font-weight: normal;line-height: 24px; margin: 0; font-style: italic; padding-bottom: 20px;">
<%= sanitize(t("mailers.direct_message_for_receiver.unsubscribe",
account: link_to(t("mailers.direct_message_for_receiver.unsubscribe_account"),
account_url, style: "color: #2895F1; text-decoration: none;"))) %>
</p>
</td>
</tr>
</tbody>
</table>
</td>
Reference in New Issue View Git Blame Copy Permalink