cst1/openstreetmap-website
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Use _html suffix to avoid using raw when displaying translated strings

Browse source 
This is safer than raw, since any user input is still escaped.
This commit is contained in:
Andy Allan 2020-01-02 17:43:34 +01:00
parent 8dba8cd4a0
commit 5aa255e13f
7 changed files with 21 additions and 20 deletions
Download patch file Download diff file Expand all files Collapse all files

2
app/views/browse/history.html.erb
View file

@ -2,7 +2,7 @@
<h2>
<a class="geolink" href="<%= root_path %>"><span class="icon close"></span></a>
<%= raw t("browse.#{@type}.history_title", :name => printable_name(@feature)) %>
<%= t("browse.#{@type}.history_title_html", :name => printable_name(@feature)) %>
</h2>
<%= render :partial => @type, :collection => @feature.send("old_#{@type}s").reverse %>

2
app/views/oauth/authorize.html.erb
View file

@ -2,7 +2,7 @@
<h1><%= t ".title" %></h1>
<% end %>
<p><%= raw t(".request_access", :app_name => link_to(@token.client_application.name, @token.client_application.url), :user => link_to(current_user.display_name, user_path(current_user))) %></p>
<p><%= t(".request_access_html", :app_name => link_to(@token.client_application.name, @token.client_application.url), :user => link_to(current_user.display_name, user_path(current_user))) %></p>
<%= form_tag authorize_url do %>
<%= hidden_field_tag "oauth_token", @token.token %>

2
app/views/oauth/authorize_success.html.erb
View file

@ -2,7 +2,7 @@
<h1><%= t ".title" %></h1>
<% end %>
<p><%= raw t(".allowed", :app_name => link_to(@token.client_application.name, @token.client_application.url)) %></p>
<p><%= t(".allowed_html", :app_name => link_to(@token.client_application.name, @token.client_application.url)) %></p>
<% if @token.oob? and not @token.oauth10? %>
<p><%= t ".verification", :code => @token.verifier %></p>

2
app/views/oauth_clients/index.html.erb
View file

@ -29,7 +29,7 @@
<% end %>
<h3><%= t ".my_apps" %></h3>
<% if @client_applications.empty? %>
<p><%= raw(t(".no_apps", :oauth => "<a href=\"https://oauth.net\">OAuth</a>")) %></p>
<p><%= t(".no_apps_html", :oauth => link_to(t(".oauth"), "https://oauth.net" )) %></p>
<% else %>
<p><%= t ".registered_apps" %></p>
<% @client_applications.each do |client| %>

4
app/views/users/_user.html.erb
View file

@ -7,12 +7,12 @@
<td>
<p>
<% if user.creation_ip %>
<%= raw t "users.index.summary",
<%= t "users.index.summary_html",
:name => link_to(h(user.display_name), user_path(user)),
:ip_address => link_to(user.creation_ip, :ip => user.creation_ip),
:date => l(user.creation_time, :format => :friendly) %>
<% else %>
<%= raw t "users.index.summary_no_ip",
<%= t "users.index.summary_no_ip_html",
:name => link_to(h(user.display_name), user_path(user)),
:date => l(user.creation_time, :format => :friendly) %>
<% end %>

2
app/views/users/new.html.erb
View file

@ -70,7 +70,7 @@
</fieldset>
<div id="auth_prompt" class="form-row">
<%= link_to raw(t(".use external auth")), "#", :id => "auth_enable" %>
<%= link_to t(".use external auth"), "#", :id => "auth_enable" %>
</div>
<%= submit_tag t(".continue"), :tabindex => 8 %>

17
config/locales/en.yml
View file

@ -222,17 +222,17 @@ en:
still_open: "Changeset still open - discussion will open once the changeset is closed."
node:
title_html: "Node: %{name}"
history_title: "Node History: %{name}"
history_title_html: "Node History: %{name}"
way:
title_html: "Way: %{name}"
history_title: "Way History: %{name}"
history_title_html: "Way History: %{name}"
nodes: "Nodes"
also_part_of_html:
one: "part of way %{related_ways}"
other: "part of ways %{related_ways}"
relation:
title_html: "Relation: %{name}"
history_title: "Relation History: %{name}"
history_title_html: "Relation History: %{name}"
members: "Members"
relation_member:
entry_html: "%{type} %{name}"
@ -1911,7 +1911,7 @@ en:
oauth:
authorize:
title: "Authorize access to your account"
request_access: "The application %{app_name} is requesting access to your account, %{user}. Please check whether you would like the application to have the following capabilities. You may choose as many or as few as you like."
request_access_html: "The application %{app_name} is requesting access to your account, %{user}. Please check whether you would like the application to have the following capabilities. You may choose as many or as few as you like."
allow_to: "Allow the client application to:"
allow_read_prefs: "read your user preferences."
allow_write_prefs: "modify your user preferences."
@ -1923,7 +1923,7 @@ en:
grant_access: "Grant Access"
authorize_success:
title: "Authorization request allowed"
allowed: "You have granted application %{app_name} access to your account."
allowed_html: "You have granted application %{app_name} access to your account."
verification: "The verification code is %{code}."
authorize_failure:
title: "Authorization request failed"
@ -1965,7 +1965,8 @@ en:
issued_at: "Issued At"
revoke: "Revoke!"
my_apps: "My Client Applications"
no_apps: "Do you have an application you would like to register for use with us using the %{oauth} standard? You must register your web application before it can make OAuth requests to this service."
no_apps_html: "Do you have an application you would like to register for use with us using the %{oauth} standard? You must register your web application before it can make OAuth requests to this service."
oauth: OAuth
registered_apps: "You have the following client applications registered:"
register_new: "Register your application"
form:
@ -2275,8 +2276,8 @@ en:
showing:
one: Page %{page} (%{first_item} of %{items})
other: Page %{page} (%{first_item}-%{last_item} of %{items})
summary: "%{name} created from %{ip_address} on %{date}"
summary_no_ip: "%{name} created on %{date}"
summary_html: "%{name} created from %{ip_address} on %{date}"
summary_no_ip_html: "%{name} created on %{date}"
confirm: Confirm Selected Users
hide: Hide Selected Users
empty: No matching users found