Fix HTML escaping issues with user role icons
authorTom Hughes <tom@compton.nu>
Fri, 13 Nov 2020 15:13:37 +0000 (15:13 +0000)
committerTom Hughes <tom@compton.nu>
Fri, 13 Nov 2020 15:13:37 +0000 (15:13 +0000)
.rubocop_todo.yml
app/helpers/user_roles_helper.rb
app/views/users/show.html.erb
test/helpers/user_roles_helper_test.rb

index 406a13265a699d8d1b9fd2f0ee97a2b72e6bfacc..c1060cbe2338b3c6c95a2344417a527e0c67c465 100644 (file)
@@ -172,9 +172,3 @@ Style/FrozenStringLiteralComment:
 # Configuration parameters: Strict.
 Style/NumericLiterals:
   MinDigits: 11
-
-# Offense count: 19
-# Cop supports --auto-correct.
-Style/StringConcatenation:
-  Exclude:
-    - 'test/helpers/user_roles_helper_test.rb'
index 384fb7280f2a9152241abb7bb2b17a5dfcd6d418..79e7cc012ad1e2c32e25a1f9df21c20bb983c4dc 100644 (file)
@@ -1,8 +1,6 @@
 module UserRolesHelper
   def role_icons(user)
-    UserRole::ALL_ROLES.reduce("".html_safe) do |acc, elem|
-      "#{acc} #{role_icon(user, elem)}"
-    end
+    safe_join(UserRole::ALL_ROLES.collect { |role| role_icon(user, role) }.compact, " ")
   end
 
   def role_icon(user, role)
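Review bot: The new `role_icons` body carries no comment on why `safe_join` is used, and that call is the whole escaping fix: each element that is not already `html_safe` gets escaped and the joined result is marked safe, whereas the removed `"#{acc} #{role_icon(user, elem)}"` interpolation presumably produced a plain String that lost the safe marking of the `"".html_safe` seed. A one-line comment above the `safe_join` such as `# safe_join escapes any icon that is not html_safe and returns a single html_safe buffer` would stop a later edit from reverting to string interpolation. The `.compact` implies `role_icon` can return nil for some roles; its definition starts on the hunk's last line and continues outside the hunk, so that is inferred rather than visible. As a point of style, `map` is the preferred name over `collect` in current Ruby style guides.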
index 440d68874ff9e323b38e63f3f8a9f86086f2d5b7..694f561b28aaa4d4e6bea4382206a994bcc5ee1e 100644 (file)
@@ -2,7 +2,7 @@
   <div id='userinformation'>
     <%= user_image @user %>
     <div class='userinformation-inner'>
-      <h1><%= @user.display_name %><%= role_icons(@user) %></h1>
+      <h1><%= @user.display_name %> <%= role_icons(@user) %></h1>
       <% if current_user and @user.id == current_user.id %>
         <!-- Displaying user's own profile page to themself -->
         <ul class='secondary-actions clearfix'>
index 26c303cfa8fd24e8b48a82acb848fa33ffb452bc..dfd790a0b3da1311df54c4dca75513361b83f4a1 100644 (file)
@@ -51,10 +51,10 @@ class UserRolesHelperTest < ActionView::TestCase
     self.current_user = create(:user)
 
     icons = role_icons(current_user)
-    assert_dom_equal "  ", icons
+    assert_dom_equal "", icons
 
     icons = role_icons(create(:moderator_user))
-    expected = "  " + <<~HTML.delete("\n")
+    expected = <<~HTML.delete("\n")
       <picture>
       <source srcset="/images/roles/moderator.svg" type="image/svg+xml" />
       <img srcset="/images/roles/moderator.svg" border="0" alt="This user is a moderator" title="This user is a moderator" src="/images/roles/moderator.png" width="20" height="20" />
@@ -63,7 +63,7 @@ class UserRolesHelperTest < ActionView::TestCase
     assert_dom_equal expected, icons
 
     icons = role_icons(create(:super_user))
-    expected = " " + <<~HTML.delete("\n")
+    expected = <<~HTML.delete("\n")
       <picture>
       <source srcset="/images/roles/administrator.svg" type="image/svg+xml" />
       <img srcset="/images/roles/administrator.svg" border="0" alt="This user is an administrator" title="This user is an administrator" src="/images/roles/administrator.png" width="20" height="20" />
@@ -81,7 +81,7 @@ class UserRolesHelperTest < ActionView::TestCase
 
     user = create(:user)
     icons = role_icons(user)
-    expected = " " + <<~HTML.delete("\n")
+    expected = <<~HTML.delete("\n")
       <a confirm="Are you sure you want to grant the role `administrator&#39; to the user `#{user.display_name}&#39;?" rel="nofollow" data-method="post" href="/user/#{ERB::Util.u(user.display_name)}/role/administrator/grant">
       <picture>
       <source srcset="/images/roles/blank_administrator.svg" type="image/svg+xml" />
@@ -99,7 +99,7 @@ class UserRolesHelperTest < ActionView::TestCase
 
     moderator_user = create(:moderator_user)
     icons = role_icons(moderator_user)
-    expected = " " + <<~HTML.delete("\n")
+    expected = <<~HTML.delete("\n")
       <a confirm="Are you sure you want to grant the role `administrator&#39; to the user `#{moderator_user.display_name}&#39;?" rel="nofollow" data-method="post" href="/user/#{ERB::Util.u(moderator_user.display_name)}/role/administrator/grant">
       <picture>
       <source srcset="/images/roles/blank_administrator.svg" type="image/svg+xml" />
@@ -117,7 +117,7 @@ class UserRolesHelperTest < ActionView::TestCase
 
     super_user = create(:super_user)
     icons = role_icons(super_user)
-    expected = " " + <<~HTML.delete("\n")
+    expected = <<~HTML.delete("\n")
       <a confirm="Are you sure you want to revoke the role `administrator&#39; from the user `#{super_user.display_name}&#39;?" rel="nofollow" data-method="post" href="/user/#{ERB::Util.u(super_user.display_name)}/role/administrator/revoke">
       <picture>
       <source srcset="/images/roles/administrator.svg" type="image/svg+xml" />