
Add new cop Gitlab/Rails/SafeFormat

Peter Leitzen requested to merge pl-rubocop-rails-safe-format into master

What does this MR do and why?

Enforce safe_format for externalized strings with interpolations and .html_safe.

# bad
_('string %{open}foo%{close}').html_safe % { open: '<b>'.html_safe, close: '</b>'.html_safe }
format(_('string %{open}foo%{close}').html_safe, open: '<b>'.html_safe, close: '</b>'.html_safe)

# good
safe_format(_('string %{open}foo%{close}'), tag_pair(tag.b, :open, :close))

# also good: no `html_safe`
format(_('string %{var} number'), var: var)

Contributes to #374091 (closed).

See https://docs.gitlab.com/ee/development/i18n/externalization.html#html

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Peter Leitzen
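
A simplified approximation of the check described above, added here as an example; it is not the cop's implementation and is not part of the MR. It uses Ruby's stdlib Ripper instead of RuboCop, and the helper names plus the `s_`/`n_` entries are assumptions.

```ruby
require 'ripper'
# Assumption: besides `_` (shown in the MR), s_ and n_ count as gettext helpers.
GETTEXT_HELPERS = %w[_ s_ n_].freeze

# Visit every nested array in a Ripper S-expression.
def each_node(sexp, &block)
  return unless sexp.is_a?(Array)
  yield sexp
  sexp.each { |child| each_node(child, &block) }
end

# Name of a receiver-less call such as `_('...')` or `format(...)`, else nil.
def fcall_name(node)
  return unless node.is_a?(Array) && node[0] == :method_add_arg
  callee = node[1]
  callee[1][1] if callee.is_a?(Array) && callee[0] == :fcall
end

# True when `.html_safe` is called directly on a gettext call: `_('...').html_safe`.
def html_safe_on_gettext?(node)
  node.is_a?(Array) && node[0] == :call &&
    node[3].is_a?(Array) && node[3][1] == 'html_safe' &&
    GETTEXT_HELPERS.include?(fcall_name(node[1]))
end

# First positional argument of a parenthesised call, for either Ripper arg shape.
def first_argument(arg_paren)
  args = Array(arg_paren)[1]
  args = args[1] if args.is_a?(Array) && args[0] == :args_add_block
  Array(args).first
end

# Line numbers where an `.html_safe` gettext string is used as a format string.
def unsafe_format_lines(source)
  hits = []
  each_node(Ripper.sexp(source)) do |node|
    target = node[1] if node[0] == :binary && node[2] == :%  # str.html_safe % {...}
    target = first_argument(node[2]) if fcall_name(node) == 'format'
    hits << target[3][2][0] if html_safe_on_gettext?(target)
  end
  hits.uniq.sort
end

SAMPLE = <<~'RUBY' # constructed sample mirroring the MR's bad and good cases
  _('string %{open}foo%{close}').html_safe % { open: '<b>'.html_safe, close: '</b>'.html_safe }
  format(_('string %{open}foo%{close}').html_safe, open: '<b>'.html_safe, close: '</b>'.html_safe)
  safe_format(_('string %{open}foo%{close}'), tag_pair(tag.b, :open, :close))
  format(_('string %{var} number'), var: var)
RUBY
```

`unsafe_format_lines(SAMPLE)` reports the two "bad" lines and leaves the `safe_format` call and the plain `format` call without `html_safe` alone.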
