Use _html suffix to avoid using raw when displaying translated strings

This is safer than raw, since any user input is still escaped.
Andy Allan 2019-12-22 11:28:18 +01:00
parent 217f616630
commit dddef7672e
8 changed files with 17 additions and 17 deletions


@ -6,5 +6,5 @@
<% data[:lat] = @lat if @lat -%>
<% data[:lon] = @lon if @lon -%>
<% data[:zoom] = @zoom if @zoom -%>
<%= content_tag :div, raw(t("site.edit.flash_player_required")), :id => "potlatch", :data => data %>
<%= content_tag :div, t("site.edit.flash_player_required_html"), :id => "potlatch", :data => data %>
</div>
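Review bot: `flash_player_required_html` takes no interpolation arguments, so on the new `content_tag` line the `_html` lookup behaves like the old `raw(t(...))`: the whole locale string is marked HTML-safe and its markup is emitted as written. The escaping this commit gains applies only to interpolated values, so the locale string itself is still trusted input; the same holds for `.export_details_html` and `.public editing note.html` in later sections. If locale files are contributed from outside the core team (not visible here), I would add a template comment such as `<%# *_html keys are rendered as trusted markup; review locale changes to them %>`, or check these keys for allowed tags. The enclosing `<div>` opens outside the hunk.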


@ -5,8 +5,8 @@
<p><%= t "layouts.osm_read_only" %></p>
<% elsif !current_user.data_public? %>
<p><%= t ".not_public" %></p>
<p><%= raw t ".not_public_description", :user_page => (link_to t(".user_page_link"), :controller => "users", :action => "account", :display_name => current_user.display_name, :anchor => "public") %></p>
<p><%= raw t "site.edit.anon_edits", :link => link_to(t(".anon_edits_link_text"), t(".anon_edits_link")) %></p>
<p><%= t ".not_public_description_html", :user_page => (link_to t(".user_page_link"), :controller => "users", :action => "account", :display_name => current_user.display_name, :anchor => "public") %></p>
<p><%= t ".anon_edits_html", :link => link_to(t(".anon_edits_link_text"), t(".anon_edits_link")) %></p>
<% else %>
<%= render :partial => preferred_editor %>
<% end %>
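Review bot: On the new `.anon_edits_html` line the link target is itself a locale value, `t(".anon_edits_link")`, and `link_to` escapes HTML but does not restrict the URL scheme, so whoever edits that key controls where the link points. Unless per-locale URLs are intended, I would keep the URL in the template and leave only the link text translatable, e.g. `link_to(t(".anon_edits_link_text"), "https://wiki.openstreetmap.org/wiki/Disabling_anonymous_edits")`. If per-locale URLs are wanted, check that the value starts with `https://` before linking. Separately, this line switches from the absolute key `site.edit.anon_edits` to a lazy lookup, which resolves correctly only if this template is the `site/edit` view; the file path is not visible here, so please confirm. The `if`/`elsif` chain starts outside the hunk.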


@ -21,7 +21,7 @@
</div>
<h4><%= t ".licence" %></h4>
<p><%= raw t ".export_details" %></p>
<p><%= t ".export_details_html" %></p>
<div id="export_osm_too_large">
<p class="warning">


@ -175,6 +175,6 @@
<% unless current_user.data_public? %>
<a name="public"></a>
<h2><%= t ".public editing note.heading" %></h2>
<%= raw t ".public editing note.text" %>
<%= t ".public editing note.html" %>
<%= button_to t(".make edits public button"), :action => :go_public %>
<% end %>


@ -6,5 +6,5 @@
<div class="message">
<h1><%= t "users.new.no_auto_account_create" %></h1>
<h2><%= raw t "users.new.contact_webmaster", :webmaster => "mailto:#{Settings.support_email}" %></h2>
<h2><%= t "users.new.contact_webmaster_html", :webmaster => "mailto:#{Settings.support_email}" %></h2>
</div>
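Review bot: `:webmaster` is passed as a plain String on the new `contact_webmaster_html` line, so it is HTML-escaped and then substituted into `href="%{webmaster}"` inside the locale string. The result is safe only while every locale keeps that placeholder inside a quoted attribute. The `.body_html` call later in this commit builds the anchor in code with `link_to(t(".webmaster"), "mailto:#{Settings.support_email}")` and interpolates the finished link, which keeps the attribute out of the translated text. I would use the same pattern here and for `:summary`/`:translations` in `.guidance_html`, accepting that the locale strings would then take a link rather than a URL.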


@ -4,4 +4,4 @@
<h1><%= t ".heading" %></h1>
<% end %>
<%= raw t ".body", :webmaster => link_to(t(".webmaster"), "mailto:#{Settings.support_email}") %>
<%= t ".body_html", :webmaster => link_to(t(".webmaster"), "mailto:#{Settings.support_email}") %>


@ -35,9 +35,9 @@
<div>
<p id="contributorGuidance" class="deemphasize">
<%= raw t ".guidance",
:summary => "https://www.osmfoundation.org/wiki/License/Contributor_Terms_Summary",
:translations => "https://www.osmfoundation.org/wiki/License/Contributor_Terms/Informal_Translations" %>
<%= t ".guidance_html",
:summary => "https://www.osmfoundation.org/wiki/License/Contributor_Terms_Summary",
:translations => "https://www.osmfoundation.org/wiki/License/Contributor_Terms/Informal_Translations" %>
</p>
</div>
<div class="form-row">


@ -1521,9 +1521,9 @@ en:
remote_failed: "Editing failed - make sure JOSM or Merkaartor is loaded and the remote control option is enabled"
edit:
not_public: "You have not set your edits to be public."
not_public_description: "You can no longer edit the map unless you do so. You can set your edits as public from your %{user_page}."
not_public_description_html: "You can no longer edit the map unless you do so. You can set your edits as public from your %{user_page}."
user_page_link: user page
anon_edits: "(%{link})"
anon_edits_html: "(%{link})"
anon_edits_link: "https://wiki.openstreetmap.org/wiki/Disabling_anonymous_edits"
anon_edits_link_text: "Find out why this is the case."
flash_player_required_html: 'You need a Flash player to use Potlatch, the OpenStreetMap Flash editor. You can <a href="https://get.adobe.com/flashplayer/">download Flash Player from Adobe.com</a>. <a href="https://wiki.openstreetmap.org/wiki/Editing">Several other options</a> are also available for editing OpenStreetMap.'
@ -1541,7 +1541,7 @@ en:
map_image: "Map Image (shows standard layer)"
embeddable_html: "Embeddable HTML"
licence: "Licence"
export_details: 'OpenStreetMap data is licensed under the <a href="https://opendatacommons.org/licenses/odbl/1.0/">Open Data Commons Open Database License</a> (ODbL).'
export_details_html: 'OpenStreetMap data is licensed under the <a href="https://opendatacommons.org/licenses/odbl/1.0/">Open Data Commons Open Database License</a> (ODbL).'
too_large:
advice: "If the above export fails, please consider using one of the sources listed below:"
body: "This area is too large to be exported as OpenStreetMap XML Data. Please zoom in or select a smaller area, or use one of the sources listed below for bulk data downloads."
@ -2062,7 +2062,7 @@ en:
new:
title: "Sign Up"
no_auto_account_create: "Unfortunately we are not currently able to create an account for you automatically."
contact_webmaster: 'Please contact the <a href="%{webmaster}">webmaster</a> to arrange for an account to be created - we will try and deal with the request as quickly as possible.'
contact_webmaster_html: 'Please contact the <a href="%{webmaster}">webmaster</a> to arrange for an account to be created - we will try and deal with the request as quickly as possible.'
about:
header: Free and editable
html: |
@ -2096,7 +2096,7 @@ en:
consider_pd: "In addition to the above, I consider my contributions to be in the Public Domain"
consider_pd_why: "what's this?"
consider_pd_why_url: https://www.osmfoundation.org/wiki/License/Why_would_I_want_my_contributions_to_be_public_domain
guidance: 'Information to help understand these terms: a <a href="%{summary}">human readable summary</a> and some <a href="%{translations}">informal translations</a>'
guidance_html: 'Information to help understand these terms: a <a href="%{summary}">human readable summary</a> and some <a href="%{translations}">informal translations</a>'
continue: Continue
declined: "https://wiki.openstreetmap.org/wiki/Contributor_Terms_Declined"
decline: "Decline"
@ -2198,7 +2198,7 @@ en:
disabled link text: "why can't I edit?"
public editing note:
heading: "Public editing"
text: "Currently your edits are anonymous and people cannot send you messages or see your location. To show what you edited and allow people to contact you through the website, click the button below. <b>Since the 0.6 API changeover, only public users can edit map data</b>. (<a href=\"https://wiki.openstreetmap.org/wiki/Anonymous_edits\">find out why</a>).<ul><li>Your email address will not be revealed by becoming public.</li><li>This action cannot be reversed and all new users are now public by default.</li></ul>"
html: "Currently your edits are anonymous and people cannot send you messages or see your location. To show what you edited and allow people to contact you through the website, click the button below. <b>Since the 0.6 API changeover, only public users can edit map data</b>. (<a href=\"https://wiki.openstreetmap.org/wiki/Anonymous_edits\">find out why</a>).<ul><li>Your email address will not be revealed by becoming public.</li><li>This action cannot be reversed and all new users are now public by default.</li></ul>"
contributor terms:
heading: "Contributor Terms:"
agreed: "You have agreed to the new Contributor Terms."
@ -2284,7 +2284,7 @@ en:
title: Account Suspended
heading: Account Suspended
webmaster: webmaster
body: |
body_html: |
<p>
Sorry, your account has been automatically suspended due to
suspicious activity.