From: Andy Allan Date: Wed, 27 Nov 2024 18:04:32 +0000 (+0000) Subject: Move html_safe declaration for user_mailer from layout to helper X-Git-Tag: live~81 X-Git-Url: https://git.openstreetmap.org./rails.git/commitdiff_plain/ce342fede0fc465993e588487056d76458f97169?hp=d2dc1ff8978a3ed9636c172a7e3cfb8e3d83410b Move html_safe declaration for user_mailer from layout to helper This allows us to enable output safety checks for all code within erb files. `rubocop --auto-gen-config` ignores code within the erb files, so it is easier to maintain an exclusion on the helper than inside the layout.
---
diff --git a/.erb_lint.yml b/.erb_lint.yml
index 0c729d38f..dc9b39c5c 100644
--- a/.erb_lint.yml
+++ b/.erb_lint.yml
@@ -20,8 +20,6 @@ linters:
 Enabled: false
 Naming/FileName:
 Enabled: false
- Rails/OutputSafety:
- Enabled: false
 Style/FrozenStringLiteralComment:
 Enabled: false
 SelfClosingTag:
diff --git a/.rubocop_todo.yml b/.rubocop_todo.yml
index 7384a8d95..0dd79ea2a 100644
--- a/.rubocop_todo.yml
+++ b/.rubocop_todo.yml
@@ -169,6 +169,7 @@ Rails/NotNullColumn:
 Rails/OutputSafety:
 Exclude:
 - 'app/helpers/application_helper.rb'
+ - 'app/helpers/user_mailer_helper.rb'
 - 'lib/rich_text.rb'
 - 'test/helpers/application_helper_test.rb'
diff --git a/app/helpers/user_mailer_helper.rb b/app/helpers/user_mailer_helper.rb
index d47827074..be756c212 100644
--- a/app/helpers/user_mailer_helper.rb
+++ b/app/helpers/user_mailer_helper.rb
@@ -29,7 +29,7 @@ module UserMailerHelper
 # Because we can't use stylesheets in HTML emails, we need to inline the
 # styles. Rather than copy-paste the same string of CSS into every message,
 # we apply it once here, after the message has been composed.
- html.gsub("

", '

')
+ html.gsub("

", '

').html_safe
 end
 def style_left
diff --git a/app/views/layouts/user_mailer.html.erb b/app/views/layouts/user_mailer.html.erb
index c10ed1c70..7688ddb19 100644
--- a/app/views/layouts/user_mailer.html.erb
+++ b/app/views/layouts/user_mailer.html.erb
@@ -28,7 +28,7 @@
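Review bot: The added `.html_safe` in `style_message` marks whatever string the helper is given as safe, so the trust decision that `raw` made visible in the layout is now hidden inside a helper that other views could call. The only caller visible in this diff passes the layout's `yield`, which is already-rendered markup, but a later call with a plain string carrying user-supplied text would skip ERB escaping. Consider keeping the input's own safety state, e.g. `styled = html.gsub(...)` followed by `html.html_safe? ? styled.html_safe : styled`. At minimum, add a comment such as `# html must be already-rendered, trusted markup (the layout's yield); the result is marked html_safe`. The method's `def` line sits above the hunk, so any other callers are not visible here.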
- <%= raw style_message(yield) %>
+ <%= style_message(yield) %>