From ce342fede0fc465993e588487056d76458f97169 Mon Sep 17 00:00:00 2001 From: Andy Allan Date: Wed, 27 Nov 2024 18:04:32 +0000 Subject: [PATCH] Move html_safe declaration for user_mailer from layout to helper This allows us to enable output safety checks for all code within erb files. `rubocop --auto-gen-config` ignores code within the erb files, so it is easier to maintain an exclusion on the helper than inside the layout. --- .erb_lint.yml | 2 -- .rubocop_todo.yml | 1 + app/helpers/user_mailer_helper.rb | 2 +- app/views/layouts/user_mailer.html.erb | 2 +- 4 files changed, 3 insertions(+), 4 deletions(-) diff --git a/.erb_lint.yml b/.erb_lint.yml index 0c729d38f8..dc9b39c5c5 100644 --- a/.erb_lint.yml +++ b/.erb_lint.yml @@ -20,8 +20,6 @@ linters: Enabled: false Naming/FileName: Enabled: false - Rails/OutputSafety: - Enabled: false Style/FrozenStringLiteralComment: Enabled: false SelfClosingTag: diff --git a/.rubocop_todo.yml b/.rubocop_todo.yml index 7384a8d95f..0dd79ea2ae 100644 --- a/.rubocop_todo.yml +++ b/.rubocop_todo.yml @@ -169,6 +169,7 @@ Rails/NotNullColumn: Rails/OutputSafety: Exclude: - 'app/helpers/application_helper.rb' + - 'app/helpers/user_mailer_helper.rb' - 'lib/rich_text.rb' - 'test/helpers/application_helper_test.rb' diff --git a/app/helpers/user_mailer_helper.rb b/app/helpers/user_mailer_helper.rb index d47827074a..be756c212b 100644 --- a/app/helpers/user_mailer_helper.rb +++ b/app/helpers/user_mailer_helper.rb @@ -29,7 +29,7 @@ def style_message(html) # Because we can't use stylesheets in HTML emails, we need to inline the # styles. Rather than copy-paste the same string of CSS into every message, # we apply it once here, after the message has been composed. - html.gsub("

", '

') + html.gsub("

", '

').html_safe end def style_left diff --git a/app/views/layouts/user_mailer.html.erb b/app/views/layouts/user_mailer.html.erb index c10ed1c70f..7688ddb19c 100644 --- a/app/views/layouts/user_mailer.html.erb +++ b/app/views/layouts/user_mailer.html.erb @@ -28,7 +28,7 @@
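Review bot: The `.html_safe` appended to the `gsub` result in `style_message` marks whatever string the helper receives as trusted, whether or not the caller's input was already safe. The layout passes `yield`, which is presumably rendered template output and already html-safe, but a later caller that passes an unescaped string would have it written into the mail body unescaped. Consider carrying the input's status through instead: assign the `gsub` result to `styled` and return `html.html_safe? ? styled.html_safe : styled`. At minimum, add a comment such as `# html must already be html_safe; gsub returns a plain String, so the flag is restored here`. The `def style_message(html)` line sits above the hunk, and the `gsub` arguments are garbled on this page, so the suggestion covers only the return value.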
- <%= raw style_message(yield) %> + <%= style_message(yield) %>