Refactor appeal partial to avoid brakeman XSS warning (#25880)
parent
bcd0171e5e
commit
9f218c9924
5 changed files with 47 additions and 36 deletions
@ -0,0 +1,19 @@ |
||||
# frozen_string_literal: true |
||||
|
||||
module Admin |
||||
module DisputesHelper |
||||
def strike_action_label(appeal) |
||||
t(key_for_action(appeal), |
||||
scope: 'admin.strikes.actions', |
||||
name: content_tag(:span, appeal.strike.account.username, class: 'username'), |
||||
target: content_tag(:span, appeal.account.username, class: 'target')) |
||||
.html_safe |
||||
end |
||||
|
||||
private |
||||
|
||||
def key_for_action(appeal) |
||||
AccountWarning.actions.slice(appeal.strike.action).keys.first |
||||
end |
||||
end |
||||
end |
@ -0,0 +1,21 @@ |
||||
# frozen_string_literal: true |
||||
|
||||
require 'rails_helper' |
||||
|
||||
describe Admin::DisputesHelper do |
||||
describe 'strike_action_label' do |
||||
it 'returns html describing the appeal' do |
||||
adam = Account.new(username: 'Adam') |
||||
becky = Account.new(username: 'Becky') |
||||
strike = AccountWarning.new(account: adam, action: :suspend) |
||||
appeal = Appeal.new(strike: strike, account: becky) |
||||
|
||||
expected = <<~OUTPUT.strip |
||||
<span class="username">Adam</span> suspended <span class="target">Becky</span>'s account |
||||
OUTPUT |
||||
result = helper.strike_action_label(appeal) |
||||
|
||||
expect(result).to eq(expected) |
||||
end |
||||
end |
||||
end |
Loading…
Reference in new issue