From: Andy Allan
Date: Thu, 2 Jan 2020 16:13:41 +0000 (+0100)
Subject: Use _html suffix to avoid using raw when displaying translated strings
X-Git-Tag: live~2269^2~2
X-Git-Url: https://git.openstreetmap.org/rails.git/commitdiff_plain/8dba8cd4a0deafc51ea5b1efcd91754b68f5bff8

Use _html suffix to avoid using raw when displaying translated strings

This is safer than raw, since any user input is still escaped.
---

diff --git a/app/views/browse/_containing_relation.html.erb b/app/views/browse/_containing_relation.html.erb
index b3cb90cec..ba05c1fe4 100644
--- a/app/views/browse/_containing_relation.html.erb
+++ b/app/views/browse/_containing_relation.html.erb
@@ -1,7 +1,7 @@
  • <%= linked_name = link_to h(printable_name(containing_relation.relation)), :action => "relation", :id => containing_relation.relation.id.to_s if containing_relation.member_role.blank? - raw t ".entry", :relation_name => linked_name + t ".entry_html", :relation_name => linked_name else - raw t ".entry_role", :relation_name => linked_name, :relation_role => h(containing_relation.member_role) + t ".entry_role_html", :relation_name => linked_name, :relation_role => h(containing_relation.member_role) end %>
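Review bot: Only the interpolated arguments are escaped by the `_html` keys used here (`.entry_html`, `.entry_role_html`); the translated string itself is marked HTML-safe and written out as-is, exactly as it was under `raw`. Markup in a locale entry therefore still reaches the page unescaped, so translations that come from outside the repository need a check for unexpected tags or attributes before they are merged. This holds for every `_html`/`html` key the commit introduces in `_relation_member`, `_way`, `feature`, `geocoder/search` and `site/copyright`. The explicit `h(containing_relation.member_role)` is now redundant but harmless, since an already-safe value is not escaped a second time.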
  • diff --git a/app/views/browse/_relation_member.html.erb b/app/views/browse/_relation_member.html.erb index bb37bdf21..fe0f36357 100644 --- a/app/views/browse/_relation_member.html.erb +++ b/app/views/browse/_relation_member.html.erb @@ -3,8 +3,8 @@ type_str = t ".type." + relation_member.member_type.downcase %>
  • <%= if relation_member.member_role.blank? - raw t ".entry", :type => type_str, :name => linked_name + t ".entry_html", :type => type_str, :name => linked_name else - raw t ".entry_role", :type => type_str, :name => linked_name, :role => h(relation_member.member_role) + t ".entry_role_html", :type => type_str, :name => linked_name, :role => h(relation_member.member_role) end %>
  • diff --git a/app/views/browse/_way.html.erb b/app/views/browse/_way.html.erb index ed206c59b..5560344a8 100644 --- a/app/views/browse/_way.html.erb +++ b/app/views/browse/_way.html.erb @@ -25,7 +25,7 @@ <%= link_to printable_name(wn.node), { :action => "node", :id => wn.node_id.to_s }, { :class => link_class("node", wn.node), :title => link_title(wn.node), :rel => link_follow(wn.node) } %> <% related_ways = wn.node.ways.reject { |w| w.id == wn.way_id } %> <% if related_ways.size > 0 then %> - (<%= raw t ".also_part_of", :count => related_ways.size, :related_ways => related_ways.map { |w| link_to(printable_name(w), { :action => "way", :id => w.id.to_s }, { :class => link_class("way", w), :title => link_title(w) }) }.to_sentence %>) + (<%= t ".also_part_of_html", :count => related_ways.size, :related_ways => to_sentence(related_ways.map { |w| link_to(printable_name(w), { :action => "way", :id => w.id.to_s }, { :class => link_class("way", w), :title => link_title(w) }) }) %>) <% end %> <% end %> diff --git a/app/views/browse/feature.html.erb b/app/views/browse/feature.html.erb index 6c94b0a9d..7dfccb290 100644 --- a/app/views/browse/feature.html.erb +++ b/app/views/browse/feature.html.erb @@ -2,7 +2,7 @@
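Review bot: The move from `Array#to_sentence` to the `to_sentence(...)` view helper in the `.also_part_of_html` call is what keeps the links working, and it deserves a comment so it is not simplified back later. `Array#to_sentence` returns a plain String, which the `_html` interpolation would escape and show as literal `<a>` text; the helper returns an HTML-safe result and escapes any element that is not already safe. Suggested comment above the line: `<%# to_sentence helper (not Array#to_sentence): result must stay html_safe for the _html translation %>`. The enclosing block starts outside this hunk.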

    - <%= raw t("browse.#{@type}.title", :name => printable_name(@feature)) %> + <%= t("browse.#{@type}.title_html", :name => printable_name(@feature)) %>

    <%= render :partial => @type, :object => @feature %> diff --git a/app/views/geocoder/search.html.erb b/app/views/geocoder/search.html.erb index 3eb9561a2..13144d568 100644 --- a/app/views/geocoder/search.html.erb +++ b/app/views/geocoder/search.html.erb @@ -5,7 +5,7 @@ <%= t("site.sidebar.search_results") %> <% @sources.each do |source| %> -
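Review bot: With `title_html` the `:name` value is escaped unless it is already HTML-safe, so the heading's output now depends on what `printable_name(@feature)` returns, and that helper is not part of this diff. If it returns an HTML-safe string, the escaping of user-supplied name tags rests entirely inside the helper; if it returns a plain string that carries markup, the markup will now render as literal text. A view test that renders a feature whose name contains `<` and `&` would pin the intended behaviour. The key is also built from `@type`, which presumably comes from a fixed set in the controller; worth confirming.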

    <%= raw(t(".title.#{source}")) %>

    +

    <%= t(".title.#{source}_html") %>

    "> <%= image_tag "searching.gif", :class => "loader" %>
    diff --git a/app/views/site/copyright.html.erb b/app/views/site/copyright.html.erb index feec81c82..c6a0348df 100644 --- a/app/views/site/copyright.html.erb +++ b/app/views/site/copyright.html.erb @@ -6,14 +6,14 @@ <%= tag.h1 :lang => @locale, :dir => t("html.dir", :locale => @locale) do %>

    <%= t ".native.title" %>

    - <%= raw t ".native.text", - :native_link => link_to(t(".native.native_link"), - :controller => "site", - :action => "copyright", - :copyright_locale => nil), - :mapping_link => link_to(t(".native.mapping_link"), - :controller => "site", - :action => "index") %> + <%= t ".native.html", + :native_link => link_to(t(".native.native_link"), + :controller => "site", + :action => "copyright", + :copyright_locale => nil), + :mapping_link => link_to(t(".native.mapping_link"), + :controller => "site", + :action => "index") %>

    <% end %>
    @@ -24,11 +24,11 @@ <% if t(".legal_babble", :locale => @locale) != t(".legal_babble", :locale => :en) %>

    <%= t ".foreign.title" %>

    - <%= raw t ".foreign.text", - :english_original_link => link_to(t(".foreign.english_link"), - :controller => "site", - :action => "copyright", - :copyright_locale => "en") %> + <%= t ".foreign.html", + :english_original_link => link_to(t(".foreign.english_link"), + :controller => "site", + :action => "copyright", + :copyright_locale => "en") %>

    <% end %>
    diff --git a/config/locales/en.yml b/config/locales/en.yml index 9e2e6dbb7..31531a656 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -221,29 +221,29 @@ en: discussion: Discussion still_open: "Changeset still open - discussion will open once the changeset is closed." node: - title: "Node: %{name}" + title_html: "Node: %{name}" history_title: "Node History: %{name}" way: - title: "Way: %{name}" + title_html: "Way: %{name}" history_title: "Way History: %{name}" nodes: "Nodes" - also_part_of: + also_part_of_html: one: "part of way %{related_ways}" other: "part of ways %{related_ways}" relation: - title: "Relation: %{name}" + title_html: "Relation: %{name}" history_title: "Relation History: %{name}" members: "Members" relation_member: - entry: "%{type} %{name}" - entry_role: "%{type} %{name} as %{role}" + entry_html: "%{type} %{name}" + entry_role_html: "%{type} %{name} as %{role}" type: node: "Node" way: "Way" relation: "Relation" containing_relation: - entry: "Relation %{relation_name}" - entry_role: "Relation %{relation_name} (as %{relation_role})" + entry_html: "Relation %{relation_name}" + entry_role_html: "Relation %{relation_name} (as %{relation_role})" not_found: sorry: "Sorry, %{type} #%{id} could not be found." type: @@ -422,12 +422,12 @@ en: geocoder: search: title: - latlon: 'Results from Internal' - ca_postcode: 'Results from Geocoder.CA' - osm_nominatim: 'Results from OpenStreetMap Nominatim' - geonames: 'Results from GeoNames' - osm_nominatim_reverse: 'Results from OpenStreetMap Nominatim' - geonames_reverse: 'Results from GeoNames' + latlon_html: 'Results from Internal' + ca_postcode_html: 'Results from Geocoder.CA' + osm_nominatim_html: 'Results from OpenStreetMap Nominatim' + geonames_html: 'Results from GeoNames' + osm_nominatim_reverse_html: 'Results from OpenStreetMap Nominatim' + geonames_reverse_html: 'Results from GeoNames' search_osm_nominatim: prefix_format: "%{name}" prefix: 
@@ -1373,11 +1373,11 @@ en: copyright: foreign: title: About this translation - text: In the event of a conflict between this translated page and %{english_original_link}, the English page shall take precedence + html: In the event of a conflict between this translated page and %{english_original_link}, the English page shall take precedence english_link: the English original native: title: About this page - text: You are viewing the English version of the copyright page. You can go back to the %{native_link} of this page or you can stop reading about copyright and %{mapping_link}. + html: You are viewing the English version of the copyright page. You can go back to the %{native_link} of this page or you can stop reading about copyright and %{mapping_link}. native_link: THIS_LANGUAGE_NAME_HERE version mapping_link: start mapping legal_babble: