mirror of
https://github.com/mastodon/mastodon.git
synced 2024-11-22 12:35:07 +01:00
876840e9ef
As far as I understand, the brakeman warning was a false-positive as `content_tag` properly escapes untrusted HTML. Furthermore, the interpolated string values are built from the “username” part of accounts, which is restricted to a small subset of ASCII that precludes any XML entity or HTML code. This proposed change should be functionally equivalent to the current code, however it is slightly more robust, it's more idiomatic, and Brakeman will stop complaining about it.
10 lines
553 B
Plaintext
10 lines
553 B
Plaintext
.log-entry
|
|
.log-entry__header
|
|
.log-entry__avatar
|
|
= image_tag action_log.account.avatar.url(:original), alt: '', width: 40, height: 40, class: 'avatar'
|
|
.log-entry__content
|
|
.log-entry__title
|
|
= t("admin.action_logs.actions.#{action_log.action}_#{action_log.target_type.underscore}_html", name: content_tag(:span, action_log.account.username, class: 'username'), target: content_tag(:span, log_target(action_log), class: 'target'))
|
|
.log-entry__timestamp
|
|
%time.formatted{ datetime: action_log.created_at.iso8601 }
|