This is safer than raw, since any user input is still escaped.
<div class='user-image'></div>
- <h1><%= raw t ".used_by", :name => "<span class='user-name'>OpenStreetMap</span>" %></h1>
+ <h1><%= t ".used_by_html", :name => content_tag(:span, "OpenStreetMap", :class => "user-name") %></h1>
</div>
<div class='text'>
<% @title = t(".title", :name => h(@user.display_name)) %>
<% content_for :heading do %>
- <h1><%= raw(t(".heading", :name => link_to(h(@user.display_name), user_path(@user)))) %></h1>
+ <h1><%= t(".heading_html", :name => link_to(@user.display_name, user_path(@user))) %></h1>
<% end %>
<% unless @user_blocks.empty? %>
<% @title = t(".title", :name => h(@user.display_name)) %>
<% content_for :heading do %>
- <h1><%= raw(t(".heading", :name => link_to(h(@user.display_name), user_path(@user)))) %></h1>
+ <h1><%= t(".heading_html", :name => link_to(@user.display_name, user_path(@user))) %></h1>
<% end %>
<% unless @user_blocks.empty? %>
<%= render :partial => "blocks", :locals => { :show_revoke_link => can?(:revoke, UserBlock), :show_user_name => false, :show_creator_name => true } %>
<% @title = t ".title", :name => h(@user_block.user.display_name) %>
<% content_for :heading do %>
- <h1><%= raw t(".title",
- :name => link_to(h(@user_block.user.display_name),
- user_path(@user_block.user))) %></h1>
+ <h1><%= t(".heading_html",
+ :name => link_to(@user_block.user.display_name,
+ user_path(@user_block.user))) %></h1>
<ul class='secondary-actions clearfix'>
<li><%= link_to t(".show"), @user_block %></li>
<li><%= link_to t(".back"), user_blocks_path %></li>
<% @title = t ".title", :name => h(@user.display_name) %>
<% content_for :heading do %>
- <h1><%= raw t(".heading",
- :name => link_to(h(@user.display_name),
- user_path(@user))) %></h1>
+ <h1><%= t(".heading_html",
+ :name => link_to(@user.display_name,
+ user_path(@user))) %></h1>
<% end %>
<%= form_for(@user_block) do |f| %>
<%= f.error_messages %>
:block_by => h(@user_block.creator.display_name)) %>
<% content_for :heading do %>
- <h1><%= raw t(".heading",
- :block_on => link_to(h(@user_block.user.display_name),
- user_path(@user_block.user)),
- :block_by => link_to(h(@user_block.creator.display_name),
- user_path(@user_block.creator))) %></h1>
+ <h1><%= t(".heading_html",
+ :block_on => link_to(@user_block.user.display_name,
+ user_path(@user_block.user)),
+ :block_by => link_to(@user_block.creator.display_name,
+ user_path(@user_block.creator))) %></h1>
<% end %>
<% if @user_block.ends_at > Time.now %>
:block_by => @user_block.creator.display_name) %>
<% content_for :heading do %>
- <h1><%= raw t(".heading",
- :block_on => link_to(h(@user_block.user.display_name),
- user_path(@user_block.user)),
- :block_by => link_to(h(@user_block.creator.display_name),
- user_path(@user_block.creator))) %></h1>
+ <h1><%= t(".heading_html",
+ :block_on => link_to(@user_block.user.display_name,
+ user_path(@user_block.user)),
+ :block_by => link_to(@user_block.creator.display_name,
+ user_path(@user_block.creator))) %></h1>
<ul class='secondary-actions clearfix'>
<% if @user_block.ends_at > Time.now.getutc %>
<% if current_user and current_user.id == @user_block.creator_id %>
</ul>
<div id='login_openid_url' class='form-row'>
- <label for='openid_url' class="standard-label"><%= raw t ".openid", :logo => openid_logo %></label>
+ <label for='openid_url' class="standard-label"><%= t ".openid_html", :logo => openid_logo %></label>
<%= hidden_field_tag("openid_referer", params[:referer]) if params[:referer] %>
<%= text_field_tag("openid_url", "", :tabindex => 3, :class => "openid_url") %>
<span class="minorNote">(<a href="<%= t "users.account.openid.link" %>" target="_new"><%= t "users.account.openid.link text" %></a>)</span>
<%= f.email_field(:email_confirmation, :tabindex => 2) %>
<%= f.error_message_on(:email_confirmation) %>
</div>
- <span class="form-help deemphasize"><%= raw(t(".not displayed publicly")) %></span>
+ <span class="form-help deemphasize"><%= t(".not_displayed_publicly_html") %></span>
</fieldset>
<fieldset>
<fieldset class="form-divider" id="auth_field">
<div class="form-row">
<label for="openid_url" class="standard-label">
- <%= raw t ".external auth" %>
+ <%= t ".external auth" %>
</label>
<%= f.select(:auth_provider, Auth::PROVIDERS, :default => "", :tabindex => 4) %>
<%= f.text_field(:auth_uid, :tabindex => 5) %>
about:
next: Next
copyright_html: <span>©</span>OpenStreetMap<br>contributors
- used_by: "%{name} powers map data on thousands of web sites, mobile apps, and hardware devices"
+ used_by_html: "%{name} powers map data on thousands of web sites, mobile apps, and hardware devices"
lede_text: |
OpenStreetMap is built by a community of mappers that contribute and maintain data
about roads, trails, cafés, railway stations, and much more, all over the world.
heading: "Login"
email or username: "Email Address or Username:"
password: "Password:"
- openid: "%{logo} OpenID:"
+ openid_html: "%{logo} OpenID:"
remember: "Remember me"
lost password link: "Lost your password?"
login_button: "Login"
license_agreement: 'When you confirm your account you will need to agree to the <a href="https://www.osmfoundation.org/wiki/License/Contributor_Terms">contributor terms</a>.'
email address: "Email Address:"
confirm email address: "Confirm Email Address:"
- not
displayed publicly: 'Your address is not displayed publicly, see our <a href="https://wiki.osmfoundation.org/wiki/Privacy_Policy" title="OSMF privacy policy including section on email addresses">privacy policy</a> for more information'
+ not
_displayed_publicly_html: 'Your address is not displayed publicly, see our <a href="https://wiki.osmfoundation.org/wiki/Privacy_Policy" title="OSMF privacy policy including section on email addresses">privacy policy</a> for more information'
display name: "Display Name:"
display name description: "Your publicly displayed username. You can change this later in the preferences."
external auth: "Third Party Authentication:"
back: "Back to index"
new:
title: "Creating block on %{name}"
- heading: "Creating block on %{name}"
+ heading_html: "Creating block on %{name}"
reason: "The reason why %{name} is being blocked. Please be as calm and as reasonable as possible, giving as much detail as you can about the situation, remembering that the message will be publicly visible. Bear in mind that not all users understand the community jargon, so please try to use laymans terms."
period: "How long, starting now, the user will be blocked from the API for."
tried_contacting: "I have contacted the user and asked them to stop."
back: "View all blocks"
edit:
title: "Editing block on %{name}"
- heading: "Editing block on %{name}"
+ heading_html: "Editing block on %{name}"
reason: "The reason why %{name} is being blocked. Please be as calm and as reasonable as possible, giving as much detail as you can about the situation. Bear in mind that not all users understand the community jargon, so please try to use laymans terms."
period: "How long, starting now, the user will be blocked from the API for."
show: "View this block"
empty: "No blocks have been made yet."
revoke:
title: "Revoking block on %{block_on}"
- heading: "Revoking block on %{block_on} by %{block_by}"
+ heading_html: "Revoking block on %{block_on} by %{block_by}"
time_future: "This block will end in %{time}."
past: "This block ended %{time} and cannot be revoked now."
confirm: "Are you sure you wish to revoke this block?"
other: "%{count} years"
blocks_on:
title: "Blocks on %{name}"
- heading: "List of blocks on %{name}"
+ heading_html: "List of blocks on %{name}"
empty: "%{name} has not been blocked yet."
blocks_by:
title: "Blocks by %{name}"
- heading: "List of blocks by %{name}"
+ heading_html: "List of blocks by %{name}"
empty: "%{name} has not made any blocks yet."
show:
title: "%{block_on} blocked by %{block_by}"
- heading: "%{block_on} blocked by %{block_by}"
+ heading_html: "%{block_on} blocked by %{block_by}"
created: "Created"
status: "Status"
show: "Show"
projects / rails.git / commitdiff