[openstreetmap/openstreetmap-website] Added color preview box in tag browser sidebar (#1779)
Štefan Baebler
notifications at github.com
Mon Mar 19 07:12:20 UTC 2018
@mmd-osm tnx for noticing. In 23fa74823a66df95330f75f9bfd5cb2bffcb2505 i have fixed that by marking the html markup string as `html_safe` to prevent ruby from html escaping it.
It works:
...but rubocop [complains](https://travis-ci.org/openstreetmap/openstreetmap-website/builds/355233870) with:
```
app/helpers/browse_helper.rb:80:183: C: Rails/OutputSafety: Tagging a string as html safe may be a security risk.
%( <div class="colour-preview-box" style="background-color:#{h(value)}" title="#{h(t('browse.tag_details.colour_preview', :colour_value => colour_value))}"></div>#{h(value)} ).html_safe
```
Not sure how to fix that properly. @tomhughes, is it ok to add the exception to the whole file to `.rubocop*.yml` or is there a better way (adding exception for just this line or preventing the unwanted html escaping in some other way)?
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/pull/1779#issuecomment-374119951
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20180319/4971d9af/attachment.html>
More information about the rails-dev
mailing list