928312e218
Sometimes we're interpolating a link inside a translation, and marking the whole translations as HTML safe. However, some translations added by admins to the database or through crowdin are not entirely under our control. Although AFAIK crowdin checks for potential cross-site scripting attacks, it's a good practice to sanitize parts of a string potentially out of our control before marking the string as HTML safe.
55 lines
2.4 KiB
Plaintext
55 lines
2.4 KiB
Plaintext
<% provide :title do %><%= t("devise_views.users.registrations.new.title") %><% end %>
|
|
<h2><%= t("devise_views.users.registrations.new.title") %></h2>
|
|
|
|
<%= render "devise/omniauth_form" %>
|
|
|
|
<%= form_for(resource, as: resource_name, url: registration_path(resource_name)) do |f| %>
|
|
<%= render "shared/errors", resource: resource %>
|
|
|
|
<p>
|
|
<%= sanitize(t("devise_views.users.registrations.new.organization_signup",
|
|
signup_link: link_to(t("devise_views.users.registrations.new.organization_signup_link"), new_organization_registration_path))) %>
|
|
</p>
|
|
|
|
<div class="row">
|
|
<div class="small-12 column">
|
|
|
|
<%= f.hidden_field :use_redeemable_code %>
|
|
<%= f.hidden_field :locale, value: I18n.locale %>
|
|
|
|
<%= f.text_field :username, autofocus: true, maxlength: User.username_max_length,
|
|
placeholder: t("devise_views.users.registrations.new.username_label"),
|
|
hint: t("devise_views.users.registrations.new.username_note") %>
|
|
|
|
<%= f.invisible_captcha :address %>
|
|
|
|
<%= f.email_field :email, placeholder: t("devise_views.users.registrations.new.email_label") %>
|
|
|
|
<%= f.password_field :password, autocomplete: "off",
|
|
placeholder: t("devise_views.users.registrations.new.password_label") %>
|
|
|
|
<%= f.password_field :password_confirmation, autocomplete: "off",
|
|
label: t("devise_views.users.registrations.new.password_confirmation_label"),
|
|
placeholder: t("devise_views.users.registrations.new.password_confirmation_label") %>
|
|
|
|
<% if resource.use_redeemable_code %>
|
|
<%= f.text_field :redeemable_code, placeholder: t("devise_views.users.registrations.new.redeemable_code") %>
|
|
<% end %>
|
|
|
|
<%= f.check_box :terms_of_service,
|
|
title: t("devise_views.users.registrations.new.terms_title"),
|
|
label: t("devise_views.users.registrations.new.terms",
|
|
terms: link_to(t("devise_views.users.registrations.new.terms_link"), "/conditions",
|
|
title: t("shared.target_blank"),
|
|
target: "_blank")
|
|
) %>
|
|
|
|
<div class="small-12 medium-6 small-centered">
|
|
<%= f.submit t("devise_views.users.registrations.new.submit"), class: "button expanded" %>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
<% end %>
|
|
|
|
<%= render "devise/shared/links" %>
|