[openstreetmap/openstreetmap-website] Use partials to support complex flash messages (#3232)

Andy Allan notifications at github.com
Wed Jun 23 19:26:40 UTC 2021 

This PR addresses #3215. I did a bunch of research to see what alternative approaches people were using - mostly, it seems, just opening themselves up to security errors by using .html_safe everywhere, going by the blogs and stackoverflow comments that I found. 

However, an approach I saw mentioned a couple of times and in particular used by a mysociety application is to use the ability of flash messages to store Hashes. Then you can use this Hash to render a template, either to include html or just to use the translation features. Since the only things we pass to the flash object is some strings that will need escaping (and we don't store any html anywhere in the flash object) everything works nicely. I'm quite pleased with this approach.

I also took the opportunity to move the flash messages to use a flex layout instead of custom CSS, which uncovered a small issue involving padding on floated elements in the header, so that was fixed too.
You can view, comment on, or merge this pull request online at:

  https://github.com/openstreetmap/openstreetmap-website/pull/3232

-- Commit Summary --

  * Use hash-based flash objects to render complex flash messages
  * Use paragraphs instead of line breaks, and avoid using html in translation strings
  * Remove unnecessary padding-bottom override on the header h1
  * Ensure that all floated elements in the header stay within it
  * Refactor flash messages to use a flex row for positioning
  * Refactor terms declined flash message to use a partial

-- File Changes --

    M app/assets/stylesheets/common.scss (19)
    M app/assets/stylesheets/small.scss (4)
    M app/controllers/confirmations_controller.rb (2)
    M app/controllers/users_controller.rb (2)
    M app/helpers/application_helper.rb (10)
    A app/views/confirmations/_resend_success_flash.html.erb (2)
    M app/views/layouts/_flash.html.erb (42)
    M app/views/layouts/_header.html.erb (2)
    A app/views/users/_terms_declined_flash.html.erb (1)
    M config/locales/en.yml (10)
    M test/controllers/confirmations_controller_test.rb (3)
    A test/system/confirmation_resend.rb (26)

-- Patch Links --

https://github.com/openstreetmap/openstreetmap-website/pull/3232.patch
https://github.com/openstreetmap/openstreetmap-website/pull/3232.diff

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/pull/3232
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20210623/bc190cc5/attachment.htm>

More information about the rails-dev mailing list