mirror of https://github.com/mastodon/mastodon
Fix brakeman warning (#15870)
As far as I understand, the Brakeman warning was a false positive, as `content_tag` properly escapes untrusted HTML. Furthermore, the interpolated string values are built from the “username” part of accounts, which is restricted to a small subset of ASCII that precludes any XML entity or HTML code. This proposed change should be functionally equivalent to the current code; however, it is slightly more robust and more idiomatic, and Brakeman will stop complaining about it.
parent
051efed5ed
commit
876840e9ef
|
@ -4,6 +4,6 @@
|
||||||
= image_tag action_log.account.avatar.url(:original), alt: '', width: 40, height: 40, class: 'avatar'
|
= image_tag action_log.account.avatar.url(:original), alt: '', width: 40, height: 40, class: 'avatar'
|
||||||
.log-entry__content
|
.log-entry__content
|
||||||
.log-entry__title
|
.log-entry__title
|
||||||
= t("admin.action_logs.actions.#{action_log.action}_#{action_log.target_type.underscore}", name: content_tag(:span, action_log.account.username, class: 'username'), target: content_tag(:span, log_target(action_log), class: 'target')).html_safe
|
= t("admin.action_logs.actions.#{action_log.action}_#{action_log.target_type.underscore}_html", name: content_tag(:span, action_log.account.username, class: 'username'), target: content_tag(:span, log_target(action_log), class: 'target'))
|
||||||
.log-entry__timestamp
|
.log-entry__timestamp
|
||||||
%time.formatted{ datetime: action_log.created_at.iso8601 }
|
%time.formatted{ datetime: action_log.created_at.iso8601 }
|
||||||
|
|
|
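Review bot: The `target:` value on the new `t("..._html", ...)` line is only as safe as `log_target(action_log)`, which is defined outside this hunk: `content_tag` escapes a plain string but passes an already-`html_safe` string through untouched. The commit description argues from the username alphabet, yet the target is presumably built from other record fields, so it is worth confirming that every branch of that helper returns either a plain string or the output of an escaping helper. The same line appears in the second view hunk below. I would add a HAML comment above it, e.g. `-# name/target go through content_tag, which escapes plain strings; the _html key only marks the translation text itself as safe`.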
@ -1,6 +1,6 @@
|
||||||
.speech-bubble.positive
|
.speech-bubble.positive
|
||||||
.speech-bubble__bubble
|
.speech-bubble__bubble
|
||||||
= t("admin.action_logs.actions.#{action_log.action}_#{action_log.target_type.underscore}", name: content_tag(:span, action_log.account.username, class: 'username'), target: content_tag(:span, log_target(action_log), class: 'target')).html_safe
|
= t("admin.action_logs.actions.#{action_log.action}_#{action_log.target_type.underscore}_html", name: content_tag(:span, action_log.account.username, class: 'username'), target: content_tag(:span, log_target(action_log), class: 'target'))
|
||||||
.speech-bubble__owner
|
.speech-bubble__owner
|
||||||
= admin_account_link_to(action_log.account)
|
= admin_account_link_to(action_log.account)
|
||||||
%time.formatted{ datetime: action_log.created_at.iso8601 }= l action_log.created_at
|
%time.formatted{ datetime: action_log.created_at.iso8601 }= l action_log.created_at
|
||||||
|
|
|
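Review bot: The lookup key on the new `t(...)` line is assembled at runtime from `action_log.action` and `action_log.target_type`, so the `_html` rename has to exist in every locale file, and only the `en` section is visible on this page. A locale that still carries the old key names would, depending on the app's fallback configuration, fall back to English or render a missing-translation placeholder in the audit log, and static checks for missing or unused keys may not follow an interpolated key. An `_html` translation is also emitted unescaped, as it was with `.html_safe`, so translated strings for these keys are effectively trusted markup and should be reviewed as such. A comment such as `-# key is built dynamically: <action>_<target_type>_html must exist in each locale file` would help.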
@ -261,46 +261,46 @@ en:
|
||||||
update_domain_block: Update Domain Block
|
update_domain_block: Update Domain Block
|
||||||
update_status: Update Status
|
update_status: Update Status
|
||||||
actions:
|
actions:
|
||||||
assigned_to_self_report: "%{name} assigned report %{target} to themselves"
|
assigned_to_self_report_html: "%{name} assigned report %{target} to themselves"
|
||||||
change_email_user: "%{name} changed the e-mail address of user %{target}"
|
change_email_user_html: "%{name} changed the e-mail address of user %{target}"
|
||||||
confirm_user: "%{name} confirmed e-mail address of user %{target}"
|
confirm_user_html: "%{name} confirmed e-mail address of user %{target}"
|
||||||
create_account_warning: "%{name} sent a warning to %{target}"
|
create_account_warning_html: "%{name} sent a warning to %{target}"
|
||||||
create_announcement: "%{name} created new announcement %{target}"
|
create_announcement_html: "%{name} created new announcement %{target}"
|
||||||
create_custom_emoji: "%{name} uploaded new emoji %{target}"
|
create_custom_emoji_html: "%{name} uploaded new emoji %{target}"
|
||||||
create_domain_allow: "%{name} allowed federation with domain %{target}"
|
create_domain_allow_html: "%{name} allowed federation with domain %{target}"
|
||||||
create_domain_block: "%{name} blocked domain %{target}"
|
create_domain_block_html: "%{name} blocked domain %{target}"
|
||||||
create_email_domain_block: "%{name} blocked e-mail domain %{target}"
|
create_email_domain_block_html: "%{name} blocked e-mail domain %{target}"
|
||||||
create_ip_block: "%{name} created rule for IP %{target}"
|
create_ip_block_html: "%{name} created rule for IP %{target}"
|
||||||
demote_user: "%{name} demoted user %{target}"
|
demote_user_html: "%{name} demoted user %{target}"
|
||||||
destroy_announcement: "%{name} deleted announcement %{target}"
|
destroy_announcement_html: "%{name} deleted announcement %{target}"
|
||||||
destroy_custom_emoji: "%{name} destroyed emoji %{target}"
|
destroy_custom_emoji_html: "%{name} destroyed emoji %{target}"
|
||||||
destroy_domain_allow: "%{name} disallowed federation with domain %{target}"
|
destroy_domain_allow_html: "%{name} disallowed federation with domain %{target}"
|
||||||
destroy_domain_block: "%{name} unblocked domain %{target}"
|
destroy_domain_block_html: "%{name} unblocked domain %{target}"
|
||||||
destroy_email_domain_block: "%{name} unblocked e-mail domain %{target}"
|
destroy_email_domain_block_html: "%{name} unblocked e-mail domain %{target}"
|
||||||
destroy_ip_block: "%{name} deleted rule for IP %{target}"
|
destroy_ip_block_html: "%{name} deleted rule for IP %{target}"
|
||||||
destroy_status: "%{name} removed status by %{target}"
|
destroy_status_html: "%{name} removed status by %{target}"
|
||||||
disable_2fa_user: "%{name} disabled two factor requirement for user %{target}"
|
disable_2fa_user_html: "%{name} disabled two factor requirement for user %{target}"
|
||||||
disable_custom_emoji: "%{name} disabled emoji %{target}"
|
disable_custom_emoji_html: "%{name} disabled emoji %{target}"
|
||||||
disable_user: "%{name} disabled login for user %{target}"
|
disable_user_html: "%{name} disabled login for user %{target}"
|
||||||
enable_custom_emoji: "%{name} enabled emoji %{target}"
|
enable_custom_emoji_html: "%{name} enabled emoji %{target}"
|
||||||
enable_user: "%{name} enabled login for user %{target}"
|
enable_user_html: "%{name} enabled login for user %{target}"
|
||||||
memorialize_account: "%{name} turned %{target}'s account into a memoriam page"
|
memorialize_account_html: "%{name} turned %{target}'s account into a memoriam page"
|
||||||
promote_user: "%{name} promoted user %{target}"
|
promote_user_html: "%{name} promoted user %{target}"
|
||||||
remove_avatar_user: "%{name} removed %{target}'s avatar"
|
remove_avatar_user_html: "%{name} removed %{target}'s avatar"
|
||||||
reopen_report: "%{name} reopened report %{target}"
|
reopen_report_html: "%{name} reopened report %{target}"
|
||||||
reset_password_user: "%{name} reset password of user %{target}"
|
reset_password_user_html: "%{name} reset password of user %{target}"
|
||||||
resolve_report: "%{name} resolved report %{target}"
|
resolve_report_html: "%{name} resolved report %{target}"
|
||||||
sensitive_account: "%{name} marked %{target}'s media as sensitive"
|
sensitive_account_html: "%{name} marked %{target}'s media as sensitive"
|
||||||
silence_account: "%{name} silenced %{target}'s account"
|
silence_account_html: "%{name} silenced %{target}'s account"
|
||||||
suspend_account: "%{name} suspended %{target}'s account"
|
suspend_account_html: "%{name} suspended %{target}'s account"
|
||||||
unassigned_report: "%{name} unassigned report %{target}"
|
unassigned_report_html: "%{name} unassigned report %{target}"
|
||||||
unsensitive_account: "%{name} unmarked %{target}'s media as sensitive"
|
unsensitive_account_html: "%{name} unmarked %{target}'s media as sensitive"
|
||||||
unsilence_account: "%{name} unsilenced %{target}'s account"
|
unsilence_account_html: "%{name} unsilenced %{target}'s account"
|
||||||
unsuspend_account: "%{name} unsuspended %{target}'s account"
|
unsuspend_account_html: "%{name} unsuspended %{target}'s account"
|
||||||
update_announcement: "%{name} updated announcement %{target}"
|
update_announcement_html: "%{name} updated announcement %{target}"
|
||||||
update_custom_emoji: "%{name} updated emoji %{target}"
|
update_custom_emoji_html: "%{name} updated emoji %{target}"
|
||||||
update_domain_block: "%{name} updated domain block for %{target}"
|
update_domain_block_html: "%{name} updated domain block for %{target}"
|
||||||
update_status: "%{name} updated status by %{target}"
|
update_status_html: "%{name} updated status by %{target}"
|
||||||
deleted_status: "(deleted status)"
|
deleted_status: "(deleted status)"
|
||||||
empty: No logs found.
|
empty: No logs found.
|
||||||
filter_by_action: Filter by action
|
filter_by_action: Filter by action
|
||||||
|
|