From 78dd142df4057315c236b2186d4860c59f0373c9 Mon Sep 17 00:00:00 2001 From: Andy Allan Date: Wed, 2 Dec 2020 15:13:09 +0000 Subject: [PATCH] Avoid using raw in html mailer views Use the _html suffix to mark that we expect the translations to contain links. Unfortunately, we can't use the _html keys for the plain text emails, since the input options (e.g. username, url) will be html-escaped, before it is passed to the view. So we need to use non-html-suffix keys for the plaintext views, in most cases. Only when the translation options (e.g. url) are guaranteed to not contain any escapable characters can the same translation key be shared. --- .../changeset_comment_notification.html.erb | 10 +++++----- .../diary_comment_notification.html.erb | 10 +++++----- .../friendship_notification.html.erb | 4 ++-- .../user_mailer/message_notification.html.erb | 6 +++--- .../user_mailer/message_notification.text.erb | 2 +- .../note_comment_notification.html.erb | 6 +++--- config/locales/en.yml | 18 ++++++++++++++++++ 7 files changed, 37 insertions(+), 19 deletions(-) diff --git a/app/views/user_mailer/changeset_comment_notification.html.erb b/app/views/user_mailer/changeset_comment_notification.html.erb index 85cd87e5e..95c5cdc5b 100644 --- a/app/views/user_mailer/changeset_comment_notification.html.erb +++ b/app/views/user_mailer/changeset_comment_notification.html.erb @@ -3,12 +3,12 @@

<% if @owner %> - <%= raw t ".commented.your_changeset", :commenter => link_to_user(@commenter), :time => @time %> + <%= t ".commented.your_changeset_html", :commenter => link_to_user(@commenter), :time => @time %> <% else %> - <%= raw t ".commented.commented_changeset", :commenter => link_to_user(@commenter), :time => @time, :changeset_author => @changeset_author %> + <%= t ".commented.commented_changeset_html", :commenter => link_to_user(@commenter), :time => @time, :changeset_author => @changeset_author %> <% end %> <% if @changeset_comment %> - <%= raw t ".commented.partial_changeset_with_comment", :changeset_comment => tag.em(@changeset_comment) %> + <%= t ".commented.partial_changeset_with_comment_html", :changeset_comment => tag.em(@changeset_comment) %> <% else %> <%= t ".commented.partial_changeset_without_comment" %> <% end %> @@ -19,11 +19,11 @@ <% end %>
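Review bot: The `_html` lookups in this hunk depend on an escaping contract that the view does not state. For keys with this suffix, Rails escapes plain-string arguments such as `:changeset_author => @changeset_author` and passes through only html_safe values such as `link_to_user(@commenter)` and `tag.em(@changeset_comment)`. A one-line ERB comment above the block would keep later edits from passing pre-built or `.html_safe` strings derived from user input, for example `<%# _html keys: t escapes plain arguments; pass markup only via link_to/tag helpers %>`. The translation string itself is rendered unescaped under these keys, so the locale files remain trusted input for HTML mail.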

- <%= raw t ".details", :url => link_to(@changeset_url, @changeset_url) %> + <%= t ".details_html", :url => link_to(@changeset_url, @changeset_url) %>

<% content_for :footer do %>

- <%= raw t ".unsubscribe", :url => link_to(@changeset_url, @changeset_url, :style => "color: #222") %> + <%= t ".unsubscribe_html", :url => link_to(@changeset_url, @changeset_url, :style => "color: #222") %>

<% end %> diff --git a/app/views/user_mailer/diary_comment_notification.html.erb b/app/views/user_mailer/diary_comment_notification.html.erb index abf92509f..b4efae83b 100644 --- a/app/views/user_mailer/diary_comment_notification.html.erb +++ b/app/views/user_mailer/diary_comment_notification.html.erb @@ -2,7 +2,7 @@ <%= t ".hi", :to_user => @to_user %>

- <%= raw t ".header", :from_user => link_to_user(@from_user), :subject => tag.em(@title) %> + <%= t ".header_html", :from_user => link_to_user(@from_user), :subject => tag.em(@title) %>

<%= message_body do %> @@ -10,9 +10,9 @@ <% end %> <% content_for :footer do %> -

<%= raw t ".footer", - :readurl => link_to(@readurl, @readurl) + tag(:br), - :commenturl => link_to(@commenturl, @commenturl) + tag(:br), - :replyurl => link_to(@replyurl, @replyurl) %> +

<%= t ".footer_html", + :readurl => link_to(@readurl, @readurl) + tag(:br), + :commenturl => link_to(@commenturl, @commenturl) + tag(:br), + :replyurl => link_to(@replyurl, @replyurl) %>

<% end %> diff --git a/app/views/user_mailer/friendship_notification.html.erb b/app/views/user_mailer/friendship_notification.html.erb index 24587a6e3..0f2353150 100644 --- a/app/views/user_mailer/friendship_notification.html.erb +++ b/app/views/user_mailer/friendship_notification.html.erb @@ -1,9 +1,9 @@

<%= t ".had_added_you", :user => @friendship.befriender.display_name %>

<%= message_body do %> -

<%= raw t ".see_their_profile", :userurl => link_to(@viewurl, @viewurl) %>

+

<%= t ".see_their_profile_html", :userurl => link_to(@viewurl, @viewurl) %>

<% unless @friendship.befriendee.is_friends_with?(@friendship.befriender) -%> -

<%= raw t ".befriend_them", :befriendurl => link_to(@friendurl, @friendurl) %>

+

<%= t ".befriend_them_html", :befriendurl => link_to(@friendurl, @friendurl) %>

<% end -%> <% end %> diff --git a/app/views/user_mailer/message_notification.html.erb b/app/views/user_mailer/message_notification.html.erb index 74d10f599..fd49c6723 100644 --- a/app/views/user_mailer/message_notification.html.erb +++ b/app/views/user_mailer/message_notification.html.erb @@ -2,9 +2,9 @@ <%= t ".hi", :to_user => @to_user %>

- <%= raw t ".header", - :from_user => link_to_user(@from_user), - :subject => tag.em(@title) %> + <%= t ".header", + :from_user => link_to_user(@from_user), + :subject => tag.em(@title) %>

<%= message_body do %> diff --git a/app/views/user_mailer/message_notification.text.erb b/app/views/user_mailer/message_notification.text.erb index 6bd7393d7..1d75e7e2a 100644 --- a/app/views/user_mailer/message_notification.text.erb +++ b/app/views/user_mailer/message_notification.text.erb @@ -6,4 +6,4 @@ <%= @text.to_text %> == -<%= word_wrap(t '.footer_html', :readurl => @readurl, :replyurl => @replyurl) %> +<%= word_wrap(t '.footer', :readurl => @readurl, :replyurl => @replyurl) %> diff --git a/app/views/user_mailer/note_comment_notification.html.erb b/app/views/user_mailer/note_comment_notification.html.erb index 3a8286028..8d779bc48 100644 --- a/app/views/user_mailer/note_comment_notification.html.erb +++ b/app/views/user_mailer/note_comment_notification.html.erb @@ -1,9 +1,9 @@
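Review bot: The new call in message_notification.html.erb still looks up `.header` rather than `.header_html`, so with `raw` removed the result is an ordinary string that ERB will escape. The markup from `link_to_user(@from_user)` and `tag.em(@title)` would then appear as literal text in the mail. The en.yml part of this patch adds `message_notification.header_html`, which no view visible here uses, so the first changed line should probably read `<%= t ".header_html",`. This fails safe, since nothing is rendered unescaped, but the sender link and the emphasis on the subject are lost.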

<%= t ".greeting" %>

<% if @owner %> -

<%= raw t ".#{@event}.your_note", :commenter => link_to_user(@commenter), :place => @place %>

+

<%= t ".#{@event}.your_note_html", :commenter => link_to_user(@commenter), :place => @place %>

<% else %> -

<%= raw t ".#{@event}.commented_note", :commenter => link_to_user(@commenter), :place => @place %>

+

<%= t ".#{@event}.commented_note_html", :commenter => link_to_user(@commenter), :place => @place %>

<% end %> <% unless @comment.empty? %> @@ -12,4 +12,4 @@ <% end %> <% end %> -

<%= raw t ".details", :url => link_to(@noteurl, @noteurl) %>

+

<%= t ".details_html", :url => link_to(@noteurl, @noteurl) %>

diff --git a/config/locales/en.yml b/config/locales/en.yml
index 50dabce26..853180080 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -1414,18 +1414,24 @@ en:
 subject: "[OpenStreetMap] %{user} commented on a diary entry"
 hi: "Hi %{to_user},"
 header: "%{from_user} has commented on the OpenStreetMap diary entry with the subject %{subject}:"
+ header_html: "%{from_user} has commented on the OpenStreetMap diary entry with the subject %{subject}:"
 footer: "You can also read the comment at %{readurl} and you can comment at %{commenturl} or send a message to the author at %{replyurl}"
+ footer_html: "You can also read the comment at %{readurl} and you can comment at %{commenturl} or send a message to the author at %{replyurl}"
 message_notification:
 subject: "[OpenStreetMap] %{message_title}"
 hi: "Hi %{to_user},"
 header: "%{from_user} has sent you a message through OpenStreetMap with the subject %{subject}:"
+ header_html: "%{from_user} has sent you a message through OpenStreetMap with the subject %{subject}:"
+ footer: "You can also read the message at %{readurl} and you can send a message to the author at %{replyurl}"
 footer_html: "You can also read the message at %{readurl} and you can send a message to the author at %{replyurl}"
 friendship_notification:
 hi: "Hi %{to_user},"
 subject: "[OpenStreetMap] %{user} added you as a friend"
 had_added_you: "%{user} has added you as a friend on OpenStreetMap."
 see_their_profile: "You can see their profile at %{userurl}."
+ see_their_profile_html: "You can see their profile at %{userurl}."
 befriend_them: "You can also add them as a friend at %{befriendurl}."
+ befriend_them_html: "You can also add them as a friend at %{befriendurl}."
 gpx_description:
 description_with_tags_html: "It looks like your GPX file %{trace_name} with the description %{trace_description} and the following tags: %{tags}"
 description_with_no_tags_html: "It looks like your GPX file %{trace_name} with the description %{trace_description} and no tags"
@@ -1464,18 +1470,25 @@ en:
 subject_own: "[OpenStreetMap] %{commenter} has commented on one of your notes"
 subject_other: "[OpenStreetMap] %{commenter} has commented on a note you are interested in"
 your_note: "%{commenter} has left a comment on one of your map notes near %{place}."
+ your_note_html: "%{commenter} has left a comment on one of your map notes near %{place}."
 commented_note: "%{commenter} has left a comment on a map note you have commented on. The note is near %{place}."
+ commented_note_html: "%{commenter} has left a comment on a map note you have commented on. The note is near %{place}."
 closed:
 subject_own: "[OpenStreetMap] %{commenter} has resolved one of your notes"
 subject_other: "[OpenStreetMap] %{commenter} has resolved a note you are interested in"
 your_note: "%{commenter} has resolved one of your map notes near %{place}."
+ your_note_html: "%{commenter} has resolved one of your map notes near %{place}."
 commented_note: "%{commenter} has resolved a map note you have commented on. The note is near %{place}."
+ commented_note_html: "%{commenter} has resolved a map note you have commented on. The note is near %{place}."
 reopened:
 subject_own: "[OpenStreetMap] %{commenter} has reactivated one of your notes"
 subject_other: "[OpenStreetMap] %{commenter} has reactivated a note you are interested in"
 your_note: "%{commenter} has reactivated one of your map notes near %{place}."
+ your_note_html: "%{commenter} has reactivated one of your map notes near %{place}."
 commented_note: "%{commenter} has reactivated a map note you have commented on. The note is near %{place}."
+ commented_note_html: "%{commenter} has reactivated a map note you have commented on. The note is near %{place}."
 details: "More details about the note can be found at %{url}."
+ details_html: "More details about the note can be found at %{url}."
 changeset_comment_notification:
 hi: "Hi %{to_user},"
 greeting: "Hi,"
@@ -1483,11 +1496,16 @@ en:
 subject_own: "[OpenStreetMap] %{commenter} has commented on one of your changesets"
 subject_other: "[OpenStreetMap] %{commenter} has commented on a changeset you are interested in"
 your_changeset: "%{commenter} left a comment at %{time} on one of your changesets"
+ your_changeset_html: "%{commenter} left a comment at %{time} on one of your changesets"
 commented_changeset: "%{commenter} left a comment at %{time} on a changeset you are watching created by %{changeset_author}"
+ commented_changeset_html: "%{commenter} left a comment at %{time} on a changeset you are watching created by %{changeset_author}"
 partial_changeset_with_comment: "with comment '%{changeset_comment}'"
+ partial_changeset_with_comment_html: "with comment '%{changeset_comment}'"
 partial_changeset_without_comment: "without comment"
 details: "More details about the changeset can be found at %{url}."
+ details_html: "More details about the changeset can be found at %{url}."
 unsubscribe: 'To unsubscribe from updates to this changeset, visit %{url} and click "Unsubscribe".'
+ unsubscribe_html: 'To unsubscribe from updates to this changeset, visit %{url} and click "Unsubscribe".'
 messages:
 inbox:
 title: "Inbox"
--
2.39.5