Use _html suffix to avoid using raw when displaying translated strings

This is safer than raw: with an _html key the translate helper still escapes every interpolated value that is not already html_safe, so user input reaching the interpolations cannot inject markup.
This commit is contained in:
Andy Allan 2020-01-02 17:13:41 +01:00
parent dddef7672e
commit 8dba8cd4a0
7 changed files with 36 additions and 36 deletions


@ -1,7 +1,7 @@
<li><%= linked_name = link_to h(printable_name(containing_relation.relation)), :action => "relation", :id => containing_relation.relation.id.to_s
if containing_relation.member_role.blank?
raw t ".entry", :relation_name => linked_name
t ".entry_html", :relation_name => linked_name
else
raw t ".entry_role", :relation_name => linked_name, :relation_role => h(containing_relation.member_role)
t ".entry_role_html", :relation_name => linked_name, :relation_role => h(containing_relation.member_role)
end %>
</li>
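Review bot: The `h(containing_relation.member_role)` wrapper on the new `.entry_role_html` line is now redundant: for an `_html` key Rails' translate helper escapes every interpolation that is not already `html_safe`, and `h` returns an `html_safe` string, so the role is escaped exactly once either way but a reader cannot tell which layer is responsible. I would pass the value through and let the key do the work, `t ".entry_role_html", :relation_name => linked_name, :relation_role => containing_relation.member_role`, or keep `h` with a comment saying it is deliberately belt-and-braces. `linked_name` stays safe either way because `link_to` returns an `html_safe` buffer, which the helper passes through unescaped.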


@ -3,8 +3,8 @@
type_str = t ".type." + relation_member.member_type.downcase %>
<li class="<%= member_class %>">
<%= if relation_member.member_role.blank?
raw t ".entry", :type => type_str, :name => linked_name
t ".entry_html", :type => type_str, :name => linked_name
else
raw t ".entry_role", :type => type_str, :name => linked_name, :role => h(relation_member.member_role)
t ".entry_role_html", :type => type_str, :name => linked_name, :role => h(relation_member.member_role)
end %>
</li>
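Review bot: `type_str` comes from a plain `.type.*` key, so it is an unsafe String; under `raw` it reached the page verbatim, under `.entry_html` the translate helper now HTML-escapes it. That is the intended direction, but it quietly changes what a locale may put in `.type.node`/`.way`/`.relation`: any markup there now renders as literal text. A short note above the `<%= if` would record the contract: `<%# type_str and member_role are plain text and are escaped by the _html key; linked_name is a safe buffer from link_to %>`. The ERB statement that assigns `type_str` and `linked_name` begins above this hunk.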


@ -25,7 +25,7 @@
<%= link_to printable_name(wn.node), { :action => "node", :id => wn.node_id.to_s }, { :class => link_class("node", wn.node), :title => link_title(wn.node), :rel => link_follow(wn.node) } %>
<% related_ways = wn.node.ways.reject { |w| w.id == wn.way_id } %>
<% if related_ways.size > 0 then %>
(<%= raw t ".also_part_of", :count => related_ways.size, :related_ways => related_ways.map { |w| link_to(printable_name(w), { :action => "way", :id => w.id.to_s }, { :class => link_class("way", w), :title => link_title(w) }) }.to_sentence %>)
(<%= t ".also_part_of_html", :count => related_ways.size, :related_ways => to_sentence(related_ways.map { |w| link_to(printable_name(w), { :action => "way", :id => w.id.to_s }, { :class => link_class("way", w), :title => link_title(w) }) }) %>)
<% end %>
</li>
<% end %>
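Review bot: The switch from `Array#to_sentence` to the `to_sentence(...)` call on the new `.also_part_of_html` line is what keeps the links intact, and it deserves a comment because it is easy to revert by accident: `Array#to_sentence` returns a plain String, which an `_html` key would escape into visible `&lt;a ...&gt;` text, whereas ActionView's `to_sentence` helper escapes each non-safe element and returns an `html_safe` buffer. I would add `<%# to_sentence here is the ActionView helper (safe-aware), not Array#to_sentence %>` before the line. Assuming that helper exists in the Rails version in use (not visible here), the anchors are safe regardless of what `printable_name` returns, since `link_to` escapes a non-safe name.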


@ -2,7 +2,7 @@
<h2>
<a class="geolink" href="<%= root_path %>"><span class="icon close"></span></a>
<%= raw t("browse.#{@type}.title", :name => printable_name(@feature)) %>
<%= t("browse.#{@type}.title_html", :name => printable_name(@feature)) %>
</h2>
<%= render :partial => @type, :object => @feature %>
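Review bot: Whether `printable_name(@feature)` still renders as before now depends on its return type, which is not visible here: with `title_html` the translate helper passes an `html_safe` value through and escapes anything else, so if `printable_name` builds markup without marking it safe the tags now appear as literal text. Worth confirming against the helper and recording it, e.g. `<%# printable_name must return an html_safe buffer; title_html escapes plain strings %>`. `@type` is spliced into the key as before; presumably the controller limits it to node/way/relation, otherwise the lookup yields Rails' translation-missing span instead of the feature title.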


@ -5,7 +5,7 @@
<%= t("site.sidebar.search_results") %>
</h2>
<% @sources.each do |source| %>
<h4 class="inner12"><%= raw(t(".title.#{source}")) %></h4>
<h4 class="inner12"><%= t(".title.#{source}_html") %></h4>
<div class="search_results_entry" data-href="<%= url_for @params.merge(:action => "search_#{source}") %>">
<%= image_tag "searching.gif", :class => "loader" %>
</div>


@ -6,14 +6,14 @@
<%= tag.h1 :lang => @locale, :dir => t("html.dir", :locale => @locale) do %>
<h1><%= t ".native.title" %></h1>
<p>
<%= raw t ".native.text",
:native_link => link_to(t(".native.native_link"),
:controller => "site",
:action => "copyright",
:copyright_locale => nil),
:mapping_link => link_to(t(".native.mapping_link"),
:controller => "site",
:action => "index") %>
<%= t ".native.html",
:native_link => link_to(t(".native.native_link"),
:controller => "site",
:action => "copyright",
:copyright_locale => nil),
:mapping_link => link_to(t(".native.mapping_link"),
:controller => "site",
:action => "index") %>
</p>
<% end %>
<hr />
@ -24,11 +24,11 @@
<% if t(".legal_babble", :locale => @locale) != t(".legal_babble", :locale => :en) %>
<h1><%= t ".foreign.title" %></h1>
<p>
<%= raw t ".foreign.text",
:english_original_link => link_to(t(".foreign.english_link"),
:controller => "site",
:action => "copyright",
:copyright_locale => "en") %>
<%= t ".foreign.html",
:english_original_link => link_to(t(".foreign.english_link"),
:controller => "site",
:action => "copyright",
:copyright_locale => "en") %>
</p>
<% end %>
<hr />
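Review bot: The new keys are named `html` rather than `something_html`, which works only because Rails' translate helper treats a final key segment of exactly `html` the same as an `_html` suffix; that is not obvious to the next reader, and a `text_html`-style name would follow the convention the rest of this commit uses. If the names stay, a comment on the `<%= t ".native.html"` and `<%= t ".foreign.html"` lines such as `<%# key segment "html" is html_safe-aware, like an _html suffix %>` would stop someone "fixing" it back to `raw`. The interpolated links are `html_safe` buffers from `link_to`, and their visible text from `t(".native.native_link")` etc. is escaped by `link_to`, so nothing in these hunks is emitted unescaped.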


@ -221,29 +221,29 @@ en:
discussion: Discussion
still_open: "Changeset still open - discussion will open once the changeset is closed."
node:
title: "Node: %{name}"
title_html: "Node: %{name}"
history_title: "Node History: %{name}"
way:
title: "Way: %{name}"
title_html: "Way: %{name}"
history_title: "Way History: %{name}"
nodes: "Nodes"
also_part_of:
also_part_of_html:
one: "part of way %{related_ways}"
other: "part of ways %{related_ways}"
relation:
title: "Relation: %{name}"
title_html: "Relation: %{name}"
history_title: "Relation History: %{name}"
members: "Members"
relation_member:
entry: "%{type} %{name}"
entry_role: "%{type} %{name} as %{role}"
entry_html: "%{type} %{name}"
entry_role_html: "%{type} %{name} as %{role}"
type:
node: "Node"
way: "Way"
relation: "Relation"
containing_relation:
entry: "Relation %{relation_name}"
entry_role: "Relation %{relation_name} (as %{relation_role})"
entry_html: "Relation %{relation_name}"
entry_role_html: "Relation %{relation_name} (as %{relation_role})"
not_found:
sorry: "Sorry, %{type} #%{id} could not be found."
type:
@ -422,12 +422,12 @@ en:
geocoder:
search:
title:
latlon: 'Results from <a href="https://openstreetmap.org/">Internal</a>'
ca_postcode: 'Results from <a href="https://geocoder.ca/">Geocoder.CA</a>'
osm_nominatim: 'Results from <a href="https://nominatim.openstreetmap.org/">OpenStreetMap Nominatim</a>'
geonames: 'Results from <a href="http://www.geonames.org/">GeoNames</a>'
osm_nominatim_reverse: 'Results from <a href="https://nominatim.openstreetmap.org/">OpenStreetMap Nominatim</a>'
geonames_reverse: 'Results from <a href="http://www.geonames.org/">GeoNames</a>'
latlon_html: 'Results from <a href="https://openstreetmap.org/">Internal</a>'
ca_postcode_html: 'Results from <a href="https://geocoder.ca/">Geocoder.CA</a>'
osm_nominatim_html: 'Results from <a href="https://nominatim.openstreetmap.org/">OpenStreetMap Nominatim</a>'
geonames_html: 'Results from <a href="http://www.geonames.org/">GeoNames</a>'
osm_nominatim_reverse_html: 'Results from <a href="https://nominatim.openstreetmap.org/">OpenStreetMap Nominatim</a>'
geonames_reverse_html: 'Results from <a href="http://www.geonames.org/">GeoNames</a>'
search_osm_nominatim:
prefix_format: "%{name}"
prefix:
@ -1373,11 +1373,11 @@ en:
copyright:
foreign:
title: About this translation
text: In the event of a conflict between this translated page and %{english_original_link}, the English page shall take precedence
html: In the event of a conflict between this translated page and %{english_original_link}, the English page shall take precedence
english_link: the English original
native:
title: About this page
text: You are viewing the English version of the copyright page. You can go back to the %{native_link} of this page or you can stop reading about copyright and %{mapping_link}.
html: You are viewing the English version of the copyright page. You can go back to the %{native_link} of this page or you can stop reading about copyright and %{mapping_link}.
native_link: THIS_LANGUAGE_NAME_HERE version
mapping_link: start mapping
legal_babble: