From 4b93aa4a283747d7074560411dd5b4a587d8eb26 Mon Sep 17 00:00:00 2001 From: Thomas von Deyen Date: Fri, 8 Mar 2024 12:53:43 +0100 Subject: [PATCH] Mark ingredient output as html_safe All our ingredient view components values are html_safe. (cherry picked from commit d0911603f4cb1f671e2b7eb78d18310075f5c57d) --- .../alchemy/ingredients/audio_view.rb | 2 +- .../alchemy/ingredients/base_view.rb | 2 +- .../alchemy/ingredients/boolean_view.rb | 2 +- .../alchemy/ingredients/datetime_view.rb | 2 +- .../alchemy/ingredients/file_view.rb | 2 +- .../alchemy/ingredients/headline_view.rb | 23 +++++++++++++------ .../alchemy/ingredients/link_view.rb | 2 +- .../alchemy/ingredients/page_view.rb | 2 +- .../alchemy/ingredients/picture_view.rb | 2 +- .../alchemy/ingredients/richtext_view.rb | 2 +- .../alchemy/ingredients/text_view.rb | 2 +- .../alchemy/ingredients/video_view.rb | 2 +- 12 files changed, 27 insertions(+), 18 deletions(-) diff --git a/app/components/alchemy/ingredients/audio_view.rb b/app/components/alchemy/ingredients/audio_view.rb index ca993fc63a..b70c9b0bf3 100644 --- a/app/components/alchemy/ingredients/audio_view.rb +++ b/app/components/alchemy/ingredients/audio_view.rb @@ -4,7 +4,7 @@ class AudioView < BaseView def call content_tag(:audio, **html_options) do tag(:source, src: src, type: type) - end + end.html_safe end def render? diff --git a/app/components/alchemy/ingredients/base_view.rb b/app/components/alchemy/ingredients/base_view.rb index b932090bf9..83f7535a71 100644 --- a/app/components/alchemy/ingredients/base_view.rb +++ b/app/components/alchemy/ingredients/base_view.rb @@ -16,7 +16,7 @@ def initialize(ingredient, html_options: {}) end def call - value + value.html_safe end def render? diff --git a/app/components/alchemy/ingredients/boolean_view.rb b/app/components/alchemy/ingredients/boolean_view.rb index 6bfe8382f8..92109b6046 100644 --- a/app/components/alchemy/ingredients/boolean_view.rb +++ b/app/components/alchemy/ingredients/boolean_view.rb @@ -2,7 +2,7 @@ module Alchemy module Ingredients class BooleanView < BaseView def call - Alchemy.t(value, scope: "ingredient_values.boolean") + Alchemy.t(value, scope: "ingredient_values.boolean").html_safe end def render? diff --git a/app/components/alchemy/ingredients/datetime_view.rb b/app/components/alchemy/ingredients/datetime_view.rb index 80d1cafaec..d0890c89b2 100644 --- a/app/components/alchemy/ingredients/datetime_view.rb +++ b/app/components/alchemy/ingredients/datetime_view.rb @@ -15,7 +15,7 @@ def call ingredient.value.to_s(:rfc822) else ::I18n.l(ingredient.value, format: date_format) - end + end.html_safe end end end diff --git a/app/components/alchemy/ingredients/file_view.rb b/app/components/alchemy/ingredients/file_view.rb index ce26bdacba..a76add5bf1 100644 --- a/app/components/alchemy/ingredients/file_view.rb +++ b/app/components/alchemy/ingredients/file_view.rb @@ -23,7 +23,7 @@ def call class: ingredient.css_class.presence, title: ingredient.title.presence }.merge(html_options) - ) + ).html_safe end def render? diff --git a/app/components/alchemy/ingredients/headline_view.rb b/app/components/alchemy/ingredients/headline_view.rb index 2f76e98e10..fe49c6f945 100644 --- a/app/components/alchemy/ingredients/headline_view.rb +++ b/app/components/alchemy/ingredients/headline_view.rb @@ -7,13 +7,22 @@ def initialize(ingredient, level: nil, html_options: {}) end def call - content_tag "h#{@level || ingredient.level}", - ingredient.value, - id: ingredient.dom_id.presence, - class: [ - ingredient.size ? "h#{ingredient.size}" : nil, - html_options[:class] - ] + content_tag tag_name, id: dom_id, class: css_classes do + ingredient.value + end.html_safe + end + + private + + def tag_name = "h#{@level || ingredient.level}" + + def dom_id = ingredient.dom_id.presence + + def css_classes + [ + ingredient.size ? "h#{ingredient.size}" : nil, + html_options[:class] + ] end end end diff --git a/app/components/alchemy/ingredients/link_view.rb b/app/components/alchemy/ingredients/link_view.rb index 3c67da8551..30cfeac4a1 100644 --- a/app/components/alchemy/ingredients/link_view.rb +++ b/app/components/alchemy/ingredients/link_view.rb @@ -12,7 +12,7 @@ def initialize(ingredient, text: nil, html_options: {}) end def call - link_to(link_text, value, {target: link_target}.merge(html_options)) + link_to(link_text, value, {target: link_target}.merge(html_options)).html_safe end private diff --git a/app/components/alchemy/ingredients/page_view.rb b/app/components/alchemy/ingredients/page_view.rb index 638d4b2541..28d01969cd 100644 --- a/app/components/alchemy/ingredients/page_view.rb +++ b/app/components/alchemy/ingredients/page_view.rb @@ -4,7 +4,7 @@ class PageView < BaseView delegate :page, to: :ingredient def call - link_to page.name, alchemy.show_page_path(urlname: page.urlname) + link_to(page.name, alchemy.show_page_path(urlname: page.urlname)).html_safe end def render? diff --git a/app/components/alchemy/ingredients/picture_view.rb b/app/components/alchemy/ingredients/picture_view.rb index 8e5a52bef4..3692671223 100644 --- a/app/components/alchemy/ingredients/picture_view.rb +++ b/app/components/alchemy/ingredients/picture_view.rb @@ -57,7 +57,7 @@ def call content_tag(:figure, output, {class: ingredient.css_class.presence}.merge(html_options)) else output - end + end.html_safe end private diff --git a/app/components/alchemy/ingredients/richtext_view.rb b/app/components/alchemy/ingredients/richtext_view.rb index 9b93f75c77..fb8e59f8f6 100644 --- a/app/components/alchemy/ingredients/richtext_view.rb +++ b/app/components/alchemy/ingredients/richtext_view.rb @@ -15,7 +15,7 @@ def call ingredient.stripped_body else value.to_s.html_safe - end + end.html_safe end end end diff --git a/app/components/alchemy/ingredients/text_view.rb b/app/components/alchemy/ingredients/text_view.rb index bb29b76d26..821113a575 100644 --- a/app/components/alchemy/ingredients/text_view.rb +++ b/app/components/alchemy/ingredients/text_view.rb @@ -24,7 +24,7 @@ def call target: ((link_target == "blank") ? "_blank" : nil), data: {link_target: link_target} }.merge(html_options)) - end + end.html_safe end private diff --git a/app/components/alchemy/ingredients/video_view.rb b/app/components/alchemy/ingredients/video_view.rb index e8b4b545bd..fe159f6cef 100644 --- a/app/components/alchemy/ingredients/video_view.rb +++ b/app/components/alchemy/ingredients/video_view.rb @@ -6,7 +6,7 @@ class VideoView < BaseView def call content_tag(:video, html_options) do tag(:source, src: src, type: attachment.file_mime_type) - end + end.html_safe end def render?