Diffstat (limited to 'app')
38 files changed, 92 insertions, 88 deletions
diff --git a/app/controllers/request_controller.rb b/app/controllers/request_controller.rb index 970dfca45..3e8c0a5f6 100644 --- a/app/controllers/request_controller.rb +++ b/app/controllers/request_controller.rb @@ -327,9 +327,9 @@ class RequestController < ApplicationController message = "" if @outgoing_message.contains_email? if @user.nil? - message += _("<p>You do not need to include your email in the request in order to get a reply, as we will ask for it on the next screen (<a href=\"%s\">details</a>).</p>") % [help_privacy_path+"#email_address"]; + message += (_("<p>You do not need to include your email in the request in order to get a reply, as we will ask for it on the next screen (<a href=\"%s\">details</a>).</p>") % [help_privacy_path+"#email_address"]).html_safe; else - message += _("<p>You do not need to include your email in the request in order to get a reply (<a href=\"%s\">details</a>).</p>") % [help_privacy_path+"#email_address"]; + message += (_("<p>You do not need to include your email in the request in order to get a reply (<a href=\"%s\">details</a>).</p>") % [help_privacy_path+"#email_address"]).html_safe; end message += _("<p>We recommend that you edit your request and remove the email address. If you leave it, the email address will be sent to the authority, but will not be displayed on the site.</p>") 
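Review bot: In the `@@ -327` hunk of request_controller.rb the two added `.html_safe` calls have no lasting effect. `message` starts as the plain literal `""`, and `String#+` with a SafeBuffer on the right-hand side returns an ordinary String, so each `+=` drops the trust mark. The following `message += _("<p>We recommend …")` is unmarked as well. Whether the finished `message` is escaped therefore depends on how it is output, which is outside the hunk. Marking the completed string once at that point (`message.html_safe`) would state the intent in one place, so the per-fragment calls do not suggest a guarantee they do not give.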
@@ -630,7 +630,7 @@ class RequestController < ApplicationController if !params[:submitted_followup].nil? && !params[:reedit] if @info_request.allow_new_responses_from == 'nobody' - flash[:error] = _('Your follow up has not been sent because this request has been stopped to prevent spam. Please <a href="%s">contact us</a> if you really want to send a follow up message.') % [help_contact_path] + flash[:error] = (_('Your follow up has not been sent because this request has been stopped to prevent spam. Please <a href="%s">contact us</a> if you really want to send a follow up message.') % [help_contact_path]).html_safe else if @info_request.find_existing_outgoing_message(params[:outgoing_message][:body]) flash[:error] = _('You previously submitted that exact follow up message for this request.') diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb index 6411cf27e..b9ba712a4 100644 --- a/app/helpers/application_helper.rb +++ b/app/helpers/application_helper.rb @@ -35,15 +35,15 @@ module ApplicationHelper end end - error_messages = [] + error_messages = "".html_safe for object in objects object.errors.each do |attr, message| - error_messages << content_tag(:li, message) + error_messages << content_tag(:li, h(message)) end end content_tag(:div, - content_tag(:ul, error_messages.join), + content_tag(:ul, error_messages), html ) else diff --git a/app/models/comment.rb b/app/models/comment.rb index 5507910e2..bcd1efca8 100644 --- a/app/models/comment.rb +++ b/app/models/comment.rb @@ -68,7 +68,7 @@ class Comment < ActiveRecord::Base text = CGI.escapeHTML(text) text = MySociety::Format.make_clickable(text, :contract => 1) text = text.gsub(/\n/, '<br>') - return text + return text.html_safe end # When posting a new comment, use this to check user hasn't double submitted. diff --git a/app/models/incoming_message.rb b/app/models/incoming_message.rb index 339a7a3e2..3f551f420 100644 --- a/app/models/incoming_message.rb 
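Review bot: `return text.html_safe` in comment.rb is sound only because `CGI.escapeHTML(text)` runs first and every later step adds markup the code itself controls, but nothing in the method records that dependency. I would add a comment above the return such as `# safe to mark: text was HTML-escaped above; only our own <a>/<br> markup is added afterwards`. The same return is added in incoming_message.rb and outgoing_message.rb, where the escaping step is not visible in the hunk and should be confirmed before the result is marked safe. All three method bodies start outside their hunks.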
+++ b/app/models/incoming_message.rb @@ -695,7 +695,7 @@ class IncomingMessage < ActiveRecord::Base text = text.gsub(/\n/, '<br>') text = text.gsub(/(?:<br>\s*){2,}/, '<br><br>') # remove excess linebreaks that unnecessarily space it out - return text + return text.html_safe end diff --git a/app/models/info_request.rb b/app/models/info_request.rb index 3355b9443..cee9eb959 100644 --- a/app/models/info_request.rb +++ b/app/models/info_request.rb @@ -284,9 +284,9 @@ public # into some sort of separate jurisdiction dependent file if self.public_body.url_name == 'general_register_office' # without GQ in the subject, you just get an auto response - _('{{law_used_full}} request GQ - {{title}}',:law_used_full=>self.law_used_full,:title=>self.title) + _('{{law_used_full}} request GQ - {{title}}',:law_used_full=>self.law_used_full,:title=>self.title.html_safe) else - _('{{law_used_full}} request - {{title}}',:law_used_full=>self.law_used_full,:title=>self.title) + _('{{law_used_full}} request - {{title}}',:law_used_full=>self.law_used_full,:title=>self.title.html_safe) end end def email_subject_followup(incoming_message = nil) diff --git a/app/models/outgoing_message.rb b/app/models/outgoing_message.rb index 2e98e1021..441813e5f 100644 --- a/app/models/outgoing_message.rb +++ b/app/models/outgoing_message.rb @@ -252,7 +252,7 @@ class OutgoingMessage < ActiveRecord::Base text = MySociety::Format.make_clickable(text, :contract => 1) text.gsub!(/\[(email address|mobile number)\]/, '[<a href="/help/officers#mobiles">\1</a>]') text = text.gsub(/\n/, '<br>') - return text + return text.html_safe end def fully_destroy diff --git a/app/models/public_body.rb b/app/models/public_body.rb index 96f7733ed..f71520ee6 100644 --- a/app/models/public_body.rb +++ b/app/models/public_body.rb @@ -301,7 +301,7 @@ class PublicBody < ActiveRecord::Base ret = ret + " and " end ret = ret + types[-1] - return ret + return ret.html_safe else return _("A public authority") end 
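Review bot: `self.title.html_safe` in info_request.rb marks the request title as trusted markup. The track_thing.rb hunks in this commit still pass the same value through `CGI.escapeHTML` for `:web`, which suggests it is requester-supplied text. `html_safe` escapes nothing; it switches off escaping wherever the resulting string is later rendered, so a subject string that ever reaches an HTML view would carry the title unescaped. The same applies to `self.info_request.title.html_safe` and `self.tracked_user.name.html_safe` in the `:title_in_email` entries of track_thing.rb. If the aim is to stop `_()` from HTML-escaping a plain-text subject, it would be safer to leave the value unmarked and undo the escaping at the mail sink; how `_()` treats its arguments is not visible on this page.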
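Review bot: `return ret.html_safe` in public_body.rb trusts every element of `types`, which is populated above the hunk, so the hunk alone cannot show that the joined string holds only site-defined text. If any element can come from stored or imported data, escape each element while joining and mark only the result. Otherwise record the assumption next to the return, for example `# types holds only translated, site-defined descriptions, so the joined string can be marked safe`. The enclosing method starts and ends outside the hunk.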
diff --git a/app/models/track_thing.rb b/app/models/track_thing.rb index 2a61eb858..81800f0ae 100644 --- a/app/models/track_thing.rb +++ b/app/models/track_thing.rb @@ -203,7 +203,7 @@ class TrackThing < ActiveRecord::Base :verb_on_page => _("Follow this request"), :verb_on_page_already => _("You are already following this request"), # Email - :title_in_email => _("New updates for the request '{{request_title}}'", :request_title => self.info_request.title), + :title_in_email => _("New updates for the request '{{request_title}}'", :request_title => self.info_request.title.html_safe), :title_in_rss => _("New updates for the request '{{request_title}}'", :request_title => self.info_request.title), # Authentication :web => _("To follow the request '{{request_title}}'", :request_title => CGI.escapeHTML(self.info_request.title)), @@ -270,7 +270,7 @@ class TrackThing < ActiveRecord::Base :verb_on_page => _("Follow this person"), :verb_on_page_already => _("You are already following this person"), # Email - :title_in_email => _("FOI requests by '{{user_name}}'", :user_name=>self.tracked_user.name), + :title_in_email => _("FOI requests by '{{user_name}}'", :user_name=>self.tracked_user.name.html_safe), :title_in_rss => _("FOI requests by '{{user_name}}'", :user_name=>self.tracked_user.name), # Authentication :web => _("To follow requests by '{{user_name}}'", :user_name=>CGI.escapeHTML(self.tracked_user.name)), diff --git a/app/views/admin_public_body/import_csv.rhtml b/app/views/admin_public_body/import_csv.rhtml index 62908ba52..1c6100838 100644 --- a/app/views/admin_public_body/import_csv.rhtml +++ b/app/views/admin_public_body/import_csv.rhtml 
@@ -32,7 +32,7 @@ <label for="tag_behaviour">What to do with existing tags?</label> <%= select_tag 'tag_behaviour', "<option value='add' selected>Add new tags to existing ones</option> - <option value='replace'>Replace existing tags with new ones</option>" + <option value='replace'>Replace existing tags with new ones</option>".html_safe %> </p> diff --git a/app/views/admin_public_body/show.rhtml b/app/views/admin_public_body/show.rhtml index 094007c02..cee306988 100644 --- a/app/views/admin_public_body/show.rhtml +++ b/app/views/admin_public_body/show.rhtml @@ -66,7 +66,7 @@ end # Highlight entries which have changed since previous version changed = (!['version', 'last_edit_editor', 'last_edit_comment'].include?(column.name)) && ((historic_public_body.send(column.name) != @public_body.sorted_versions[historic_public_body.version - 2].send(column.name)) || (historic_public_body.version == 1)) %> - <td <%= changed ? ' class="entry_changed" ': '' %> > + <td <%= changed ? ' class="entry_changed" '.html_safe: '' %> > <%=value%> </td> <% end %> diff --git a/app/views/comment/_comment_form.rhtml b/app/views/comment/_comment_form.rhtml index d430f25c8..120929643 100644 --- a/app/views/comment/_comment_form.rhtml +++ b/app/views/comment/_comment_form.rhtml @@ -13,7 +13,7 @@ <%= hidden_field_tag 'submitted_comment', 1 %> <%= hidden_field_tag 'preview', 1 %> <%= submit_tag _('Preview your annotation') %> - <%= _(' (<strong>no ranty</strong> politics, read our <a href="%s">moderation policy</a>)') % [help_requesting_path+'#moderation'] %> + <%= raw(_(' (<strong>no ranty</strong> politics, read our <a href="%s">moderation policy</a>)') % [help_requesting_path+'#moderation']) %> </p> <% end %> diff --git a/app/views/general/blog.rhtml b/app/views/general/blog.rhtml index 5258e9bbd..07d6d2f14 100644 --- a/app/views/general/blog.rhtml +++ b/app/views/general/blog.rhtml 
@@ -26,9 +26,9 @@ <p class="subtitle"><%= _("Posted on {{date}} by {{author}}", :date=>simple_date(Time.parse(item['pubDate'][0])), :author=>item['creator']) %></p> <div> <% if item['encoded'] %> - <%= item['encoded'] %> + <%= raw item['encoded'] %> <% elsif item['description'] %> - <%= item['description'] %> + <%= raw item['description'] %> <% end %> </div> <p><em> diff --git a/app/views/general/search.rhtml b/app/views/general/search.rhtml index a1f8c8f04..6df12d980 100644 --- a/app/views/general/search.rhtml +++ b/app/views/general/search.rhtml @@ -164,7 +164,7 @@ <% if @spelling_correction %> <p id="did_you_mean"><%= _('Did you mean: {{correction}}', :correction => search_link(@spelling_correction, @postfix)) %></p> <% end %> - <p><%= _('<a href="%s">Browse all</a> or <a href="%s">ask us to add one</a>.') % [list_public_bodies_default, help_requesting_path + '#missing_body'] %></p> + <p><%= raw(_('<a href="%s">Browse all</a> or <a href="%s">ask us to add one</a>.') % [list_public_bodies_default, help_requesting_path + '#missing_body']) %></p> <% end %> </div> diff --git a/app/views/layouts/contact_mailer.rhtml b/app/views/layouts/contact_mailer.rhtml index 5b8b44402..3cdc75009 100644 --- a/app/views/layouts/contact_mailer.rhtml +++ b/app/views/layouts/contact_mailer.rhtml @@ -1 +1 @@ -<%= MySociety::Format.wrap_email_body_by_paragraphs(yield) %> +<%= raw MySociety::Format.wrap_email_body_by_paragraphs(yield) %> diff --git a/app/views/layouts/outgoing_mailer.rhtml b/app/views/layouts/outgoing_mailer.rhtml index dbb18483f..8bf8ef216 100644 --- a/app/views/layouts/outgoing_mailer.rhtml +++ b/app/views/layouts/outgoing_mailer.rhtml @@ -1 +1 @@ -<%= MySociety::Format.wrap_email_body_by_lines(yield) %> +<%= raw MySociety::Format.wrap_email_body_by_lines(yield) %> diff --git a/app/views/layouts/request_mailer.rhtml b/app/views/layouts/request_mailer.rhtml index 5b8b44402..3cdc75009 100644 --- a/app/views/layouts/request_mailer.rhtml 
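Review bot: `raw item['encoded']` and `raw item['description']` in general/blog.rhtml render feed content as markup without sanitising it, so the page is only as trustworthy as whatever populates `item`, which is not visible in the hunk. Pre-upgrade templates did not auto-escape either, so this keeps the old behaviour, but `raw` now makes the trust decision explicit and permanent. If the feed is fetched from another host, `<%= sanitize item['encoded'] %>` would keep the post formatting while dropping script and event-handler content. At minimum a template comment should say why the feed is trusted.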
+++ b/app/views/layouts/request_mailer.rhtml @@ -1 +1 @@ -<%= MySociety::Format.wrap_email_body_by_paragraphs(yield) %> +<%= raw MySociety::Format.wrap_email_body_by_paragraphs(yield) %> diff --git a/app/views/layouts/user_mailer.rhtml b/app/views/layouts/user_mailer.rhtml index 5b8b44402..3cdc75009 100644 --- a/app/views/layouts/user_mailer.rhtml +++ b/app/views/layouts/user_mailer.rhtml @@ -1 +1 @@ -<%= MySociety::Format.wrap_email_body_by_paragraphs(yield) %> +<%= raw MySociety::Format.wrap_email_body_by_paragraphs(yield) %> diff --git a/app/views/public_body/_list_sidebar_extra.rhtml b/app/views/public_body/_list_sidebar_extra.rhtml index 6857a7eb5..54f20a736 100644 --- a/app/views/public_body/_list_sidebar_extra.rhtml +++ b/app/views/public_body/_list_sidebar_extra.rhtml @@ -1,5 +1,5 @@ <p> - <%= _('<a href="%s">Are we missing a public authority?</a>') % [help_requesting_path + '#missing_body'] %> + <%= raw(_('<a href="%s">Are we missing a public authority?</a>') % [help_requesting_path + '#missing_body']) %> </p> <p> <%= link_to _('List of all authorities (CSV)'), all_public_bodies_csv_url() %> diff --git a/app/views/public_body/list.rhtml b/app/views/public_body/list.rhtml index 3a64de1f7..94fbb759c 100644 --- a/app/views/public_body/list.rhtml +++ b/app/views/public_body/list.rhtml @@ -43,5 +43,5 @@ <%= render :partial => 'body_listing', :locals => { :public_bodies => @public_bodies } %> <%= will_paginate(@public_bodies) %><br/> - <%= _('<a href="%s">Can\'t find the one you want?</a>') % [help_requesting_path + '#missing_body'] %> + <%= raw _('<a href="%s">Can\'t find the one you want?</a>') % [help_requesting_path + '#missing_body'] %> </div> diff --git a/app/views/public_body/show.rhtml b/app/views/public_body/show.rhtml index e13f9d1c0..6431b4742 100644 --- a/app/views/public_body/show.rhtml +++ b/app/views/public_body/show.rhtml 
@@ -4,7 +4,7 @@ <h2><%= _('Follow this authority')%></h2> <% follower_count = TrackThing.count(:all, :conditions => ["public_body_id = ?", @public_body.id]) %> - <p><%= n_("<span id='follow_count'>%d</span> person is following this authority", "<span id='follow_count'>%d</span> people are following this authority", follower_count) % follower_count %></p> + <p><%= raw(n_("<span id='follow_count'>%d</span> person is following this authority", "<span id='follow_count'>%d</span> people are following this authority", follower_count) % follower_count) %></p> <%= render :partial => 'track/tracking_links', :locals => { :track_thing => @track_thing, :own_request => false, :location => 'sidebar' } %> <h2><%= _('More about this authority')%></h2> diff --git a/app/views/request/_after_actions.rhtml b/app/views/request/_after_actions.rhtml index 221634549..3d74cf42d 100644 --- a/app/views/request/_after_actions.rhtml +++ b/app/views/request/_after_actions.rhtml @@ -7,7 +7,7 @@ <ul> <% if @info_request.comments_allowed? %> <li> - <%= _('<a href="%s">Add an annotation</a> (to help the requester or others)') % [new_comment_url(:url_title => @info_request.url_title)] %> + <%= raw(_('<a href="%s">Add an annotation</a> (to help the requester or others)') % [new_comment_url(:url_title => @info_request.url_title)]) %> </li> <% end %> <% if @old_unclassified %> diff --git a/app/views/request/_followup.rhtml b/app/views/request/_followup.rhtml index be57ac9ef..451932b8d 100644 --- a/app/views/request/_followup.rhtml +++ b/app/views/request/_followup.rhtml 
@@ -44,9 +44,9 @@ <% else %> <% if @internal_review %> <p> - <%= _('If you are dissatisfied by the response you got from + <%= raw(_('If you are dissatisfied by the response you got from the public authority, you have the right to - complain (<a href="%s">details</a>).') % "http://foiwiki.com/foiwiki/index.php/Internal_reviews" %> + complain (<a href="%s">details</a>).') % "http://foiwiki.com/foiwiki/index.php/Internal_reviews") %> </p> <% end %> @@ -63,14 +63,14 @@ <%= _('in term time') %> <% end %> <%= _('by <strong>{{date}}</strong>',:date=>simple_date(@info_request.date_response_required_by)) %> - (<%= _('<a href="%s">details</a>') % ["#{help_requesting_path}#quickly_response"] %>). + (<%= raw(_('<a href="%s">details</a>') % ["#{help_requesting_path}#quickly_response"]) %>). </p> <% elsif status == 'waiting_response_very_overdue' %> <p> <%= _('The response to your request is <strong>long overdue</strong>. You can say that, by law, under all circumstances, the authority should have responded - by now') %> (<%= _('<a href="%s">details</a>') % ["#{help_requesting_path}#quickly_response"] %>). + by now') %> (<%= raw(_('<a href="%s">details</a>') % ["#{help_requesting_path}#quickly_response"]) %>). </p> <% end %> @@ -98,7 +98,7 @@ <div> <%= radio_button "outgoing_message", "what_doing", "internal_review", :id => "internal_review" %> <label for="internal_review"><%= _('I am requesting an <strong>internal review</strong>') %> - <%= _('<a href="%s">what\'s that?</a>') % ["/help/unhappy"] %> + <%= raw(_('<a href="%s">what\'s that?</a>') % ["/help/unhappy"]) %> </label> </div> <div> diff --git a/app/views/request/_hidden_correspondence.rhtml b/app/views/request/_hidden_correspondence.rhtml index 0ea6fcddd..0873b312f 100644 --- a/app/views/request/_hidden_correspondence.rhtml +++ b/app/views/request/_hidden_correspondence.rhtml 
@@ -7,21 +7,21 @@ %> <div class="correspondence" id="incoming-<%=incoming_message.id.to_s%>"> <p> - <%= _('This response has been hidden. See annotations to find out why. - If you are the requester, then you may <a href="%s">sign in</a> to view the response.') % [signin_url(:r => request.request_uri)] %> + <%= raw(_('This response has been hidden. See annotations to find out why. + If you are the requester, then you may <a href="%s">sign in</a> to view the response.') % [signin_url(:r => request.request_uri)]) %> </p> </div> <% elsif [ 'sent', 'followup_sent', 'resent', 'followup_resent' ].include?(info_request_event.event_type) %> <div class="correspondence" id="outgoing-<%=outgoing_message.id.to_s%>"> <p> - <%= _('This outgoing message has been hidden. See annotations to - find out why. If you are the requester, then you may <a href="%s">sign in</a> to view the response.') % [signin_url(:r => request.request_uri)] %> + <%= raw(_('This outgoing message has been hidden. See annotations to + find out why. If you are the requester, then you may <a href="%s">sign in</a> to view the response.') % [signin_url(:r => request.request_uri)]) %> </p> </div> <% elsif info_request_event.event_type == 'comment' %> <div class="comment_in_request" id="comment-<%=comment.id.to_s%>"> - <p><%= _('This comment has been hidden. See annotations to - find out why. If you are the requester, then you may <a href="%s">sign in</a> to view the response.') % [signin_url(:r => request.request_uri)]%> + <p><%= raw(_('This comment has been hidden. See annotations to + find out why. If you are the requester, then you may <a href="%s">sign in</a> to view the response.') % [signin_url(:r => request.request_uri)]) %> </p> </div> <% end %> diff --git a/app/views/request/_sidebar.rhtml b/app/views/request/_sidebar.rhtml index 18684943a..b669278f9 100644 --- a/app/views/request/_sidebar.rhtml +++ b/app/views/request/_sidebar.rhtml 
@@ -17,10 +17,10 @@ <% elsif @info_request.prominence == 'requester_only' %> <%# The eccentric formatting of the following string is in order that it be identical to the corresponding string in request/show.rhtml %> - <p><%= _('This request is hidden, so that only you the requester can see it. Please - <a href="%s">contact us</a> if you are not sure why.') % [help_requesting_path] %></p> + <p><%= raw(_('This request is hidden, so that only you the requester can see it. Please + <a href="%s">contact us</a> if you are not sure why.') % [help_requesting_path]) %></p> <% else %> - <p><%= _('This request has been marked for review by the site administrators, who have not hidden it at this time. If you believe it should be hidden, please <a href="%s">contact us</a>.') % [help_requesting_path] %></p> + <p><%= raw(_('This request has been marked for review by the site administrators, who have not hidden it at this time. If you believe it should be hidden, please <a href="%s">contact us</a>.') % [help_requesting_path]) %></p> <% end %> <% else %> <p><%= _('Requests for personal information and vexatious requests are not considered valid for FOI purposes (<a href="/help/about">read more</a>).') %></p> 
@@ -32,11 +32,15 @@ <div class="act_link"> <% tweet_link = "https://twitter.com/share?url=#{h(request.url)}&via=#{h(Configuration::twitter_username)}&text='#{h(@info_request.title)}'&related=#{_('alaveteli_foi:The software that runs {{site_name}}', :site_name => h(site_name))}" %> - <%= link_to '<img src="/images/twitter-16.png" alt="twitter icon">', tweet_link %> + <% link_to tweet_link do %> + <%= image_tag "twitter-16.png", :alt => "twitter icon" %> + <% end %> <%= link_to _("Tweet this request"), tweet_link %> </div> <div class="act_link"> - <%= link_to '<img src="/images/wordpress.png" alt="" class="rss">', "http://wordpress.com/"%> + <% link_to "http://wordpress.com/" do %> + <%= image_tag "wordpress.png", :class => "rss" %> + <% end %> <%= link_to _("Start your own blog"), "http://wordpress.com/"%> </div> @@ -59,7 +63,7 @@ <!-- this link with this wording is here for legal reasons, discuss with board and our lawyer before changing or removing it --> - <p><small><%= _('<a href="%s">Are you the owner of - any commercial copyright on this page?</a>') % [help_officers_path+"#copyright"] %></small></p> + <p><small><%= raw(_('<a href="%s">Are you the owner of + any commercial copyright on this page?</a>') % [help_officers_path+"#copyright"]) %></small></p> </div> diff --git a/app/views/request/followup_bad.rhtml b/app/views/request/followup_bad.rhtml index 7efa3f826..c892263e6 100644 --- a/app/views/request/followup_bad.rhtml +++ b/app/views/request/followup_bad.rhtml 
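Review bot: The two new block calls in request/_sidebar.rhtml are written `<% link_to tweet_link do %>` and `<% link_to "http://wordpress.com/" do %>`, while every other output tag this commit touches uses `<%=`. On Rails versions where block helpers return their markup instead of concatenating it, these tags render nothing and both icon links disappear. Writing them as `<%= link_to tweet_link do %>` avoids depending on that behaviour, if the targeted version accepts it. The WordPress icon also loses its explicit empty alt text; `image_tag "wordpress.png", :alt => "", :class => "rss"` would keep the original markup.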
@@ -9,21 +9,21 @@ <% if @reason == 'not_apply' %> <!-- we should never get here, but just in case give a sensible message --> <p><%= _('Freedom of Information law no longer applies to') %> <%=h @info_request.public_body.name %>. - <%= _('From the request page, try replying to a particular message, rather than sending + <%= raw(_('From the request page, try replying to a particular message, rather than sending a general followup. If you need to make a general followup, and know - an email which will go to the right place, please <a href="%s">send it to us</a>.') % [help_contact_path] %> + an email which will go to the right place, please <a href="%s">send it to us</a>.') % [help_contact_path]) %> </p> <% elsif @reason == 'defunct' %> <!-- we should never get here, but just in case give a sensible message --> - <p><%=h @info_request.public_body.name %> <%= _('no longer exists. If you are trying to make + <p><%=h @info_request.public_body.name %> <%= raw(_('no longer exists. If you are trying to make From the request page, try replying to a particular message, rather than sending a general followup. If you need to make a general followup, and know - an email which will go to the right place, please <a href="%s">send it to us</a>.') % [help_contact_path] %> + an email which will go to the right place, please <a href="%s">send it to us</a>.') % [help_contact_path]) %> </p> <% elsif @reason == 'bad_contact' %> - <p><%= _('We do not have a working {{law_used_full}} address for {{public_body_name}}.',:law_used_full=>h(@info_request.law_used_full),:public_body_name=>h(@info_request.public_body.name)) %> <%= _('You may be able to find + <p><%= _('We do not have a working {{law_used_full}} address for {{public_body_name}}.',:law_used_full=>h(@info_request.law_used_full),:public_body_name=>h(@info_request.public_body.name)) %> <%= raw(_('You may be able to find one on their website, or by phoning them up and asking. 
If you manage - to find one, then please <a href="%s">send it to us</a>.') % [help_contact_path] %> + to find one, then please <a href="%s">send it to us</a>.') % [help_contact_path]) %> </p> <% elsif @reason == 'external' %> <p><%= _("Followups cannot be sent for this request, as it was made externally, and published here by {{public_body_name}} on the requester's behalf.", :public_body_name => h(@info_request.public_body.name)) %> diff --git a/app/views/request/hidden.rhtml b/app/views/request/hidden.rhtml index a4afb63c6..2d038a663 100644 --- a/app/views/request/hidden.rhtml +++ b/app/views/request/hidden.rhtml @@ -6,13 +6,13 @@ <%=@details%> </p> -<p><%= _('The request you have tried to view has been removed. There are +<p><%= raw(_('The request you have tried to view has been removed. There are various reasons why we might have done this, sorry we can\'t be more specific here. Please <a - href="%s">contact us</a> if you have any questions.') % [help_contact_path] %> + href="%s">contact us</a> if you have any questions.') % [help_contact_path]) %> </p> <% if @info_request.prominence == 'requester_only' %> <p> - <%= _('If you are the requester, then you may <a href="%s">sign in</a> to view the request.') % [signin_url(:r => request.request_uri)] %> + <%= raw(_('If you are the requester, then you may <a href="%s">sign in</a> to view the request.') % [signin_url(:r => request.request_uri)]) %> </p> <% end %> diff --git a/app/views/request/new.rhtml b/app/views/request/new.rhtml index fe4c2067d..f396ea9ec 100644 --- a/app/views/request/new.rhtml +++ b/app/views/request/new.rhtml 
@@ -98,7 +98,7 @@ <ul> <li><%= _('Write your request in <strong>simple, precise language</strong>.') %></li> <li><%= _('Ask for <strong>specific</strong> documents or information, this site is not suitable for general enquiries.') %></li> - <li><%= _('Keep it <strong>focused</strong>, you\'ll be more likely to get what you want (<a href="%s">why?</a>).') % [help_requesting_path + '#focused'] %></li> + <li><%= raw(_('Keep it <strong>focused</strong>, you\'ll be more likely to get what you want (<a href="%s">why?</a>).') % [help_requesting_path + '#focused']) %></li> </ul> </div> 
@@ -112,23 +112,23 @@ <% if !@user %> <p class="form_note"> - <%= _('Everything that you enter on this page, including <strong>your name</strong>, + <%= raw(_('Everything that you enter on this page, including <strong>your name</strong>, will be <strong>displayed publicly</strong> on - this website forever (<a href="%s">why?</a>).') % [help_privacy_path+"#public_request"] %> - <%= _('If you are thinking of using a pseudonym, - please <a href="%s">read this first</a>.') % [help_privacy_path+"#real_name"] %> + this website forever (<a href="%s">why?</a>).') % [help_privacy_path+"#public_request"]) %> + <%= raw(_('If you are thinking of using a pseudonym, + please <a href="%s">read this first</a>.') % [help_privacy_path+"#real_name"]) %> </p> <% else %> <p class="form_note"> - <%= _('Everything that you enter on this page + <%= raw(_('Everything that you enter on this page will be <strong>displayed publicly</strong> on - this website forever (<a href="%s">why?</a>).') % [help_privacy_path+"#public_request"] %> + this website forever (<a href="%s">why?</a>).') % [help_privacy_path+"#public_request"]) %> </p> <% end %> <p class="form_note"> - <%= _("<strong> Can I request information about myself?</strong>\n" + - "\t\t\t<a href=\"%s\">No! (Click here for details)</a>") % [help_requesting_path+"#data_protection"] %> + <%= raw(_("<strong> Can I request information about myself?</strong>\n" + + "\t\t\t<a href=\"%s\">No! (Click here for details)</a>") % [help_requesting_path+"#data_protection"]) %> </p> <div class="form_button"> diff --git a/app/views/request/new_please_describe.rhtml b/app/views/request/new_please_describe.rhtml index ce80f51f0..ff27405b8 100644 --- a/app/views/request/new_please_describe.rhtml +++ b/app/views/request/new_please_describe.rhtml 
@@ -13,7 +13,7 @@ if they are successful yet or not.') %> </ul> <p> - <%= _('When you\'re done, <strong>come back here</strong>, <a href="%s">reload this page</a> and file your new request.') % [request.request_uri] %> + <%= raw(_('When you\'re done, <strong>come back here</strong>, <a href="%s">reload this page</a> and file your new request.') % [request.request_uri]) %> </p> <p> diff --git a/app/views/request/preview.rhtml b/app/views/request/preview.rhtml index 45b6a3dc1..8d1fd753e 100644 --- a/app/views/request/preview.rhtml +++ b/app/views/request/preview.rhtml @@ -5,8 +5,8 @@ <h1><%= _('3. Now check your request') %></h1> <ul> <li><%= _('Check you haven\'t included any <strong>personal information</strong>.') %></li> - <li><%= _('Your name, request and any responses will appear in <strong>search engines</strong> - (<a href="%s">details</a>).') % [help_privacy_path+"#public_request"] %> + <li><%= raw(_('Your name, request and any responses will appear in <strong>search engines</strong> + (<a href="%s">details</a>).') % [help_privacy_path+"#public_request"]) %> </li> </ul> @@ -28,8 +28,8 @@ </div> <% end %> - <p><%= _('<strong>Privacy note:</strong> If you want to request private information about - yourself then <a href="%s">click here</a>.') % [help_requesting_path+"#data_protection"] %> + <p><%= raw(_('<strong>Privacy note:</strong> If you want to request private information about + yourself then <a href="%s">click here</a>.') % [help_requesting_path+"#data_protection"]) %> <p> <%= f.hidden_field(:title) %> diff --git a/app/views/request/select_authority.rhtml b/app/views/request/select_authority.rhtml index 1166c3ff9..652c24da9 100644 --- a/app/views/request/select_authority.rhtml +++ b/app/views/request/select_authority.rhtml 
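Review bot: In request/new_please_describe.rhtml the value formatted into `href="%s"` is `request.request_uri`, which is taken from the incoming request, and the surrounding `raw(...)` now guarantees it is emitted without escaping. Unlike the route helpers used elsewhere in this commit, this argument is not a fixed application path, so a quote character that reaches it unencoded would end the attribute. Escaping the argument before formatting keeps the translated markup intact and closes that gap: `% [h(request.request_uri)]`. The `signin_url(:r => request.request_uri)` calls in _hidden_correspondence.rhtml, hidden.rhtml and user/show.rhtml pass the value as a query parameter instead; they are worth confirming separately.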
@@ -33,9 +33,9 @@ <% form_tag({:controller => "request", :action => "select_authority"}, {:id => "search_form", :method => "get"}) do %> <div> <p> - <%= _('First, type in the <strong>name of the UK public authority</strong> you\'d + <%= raw(_('First, type in the <strong>name of the UK public authority</strong> you\'d like information from. <strong>By law, they have to respond</strong> - (<a href="%s#%s">why?</a>).') % [help_about_url, "whybother_them"] %> + (<a href="%s#%s">why?</a>).') % [help_about_url, "whybother_them"]) %> </p> <%= text_field_tag 'query', params[:query], { :size => 30 } %> <%= hidden_field_tag 'bodies', 1 %> diff --git a/app/views/request/show.rhtml b/app/views/request/show.rhtml index 7aff1aeab..0cae3a9aa 100644 --- a/app/views/request/show.rhtml +++ b/app/views/request/show.rhtml @@ -10,8 +10,8 @@ <% end %> <% if @info_request.prominence == 'requester_only' %> <p id="hidden_request"> - <%= _('This request is hidden, so that only you the requester can see it. Please - <a href="%s">contact us</a> if you are not sure why.') % [help_requesting_path] %> + <%= raw(_('This request is hidden, so that only you the requester can see it. Please + <a href="%s">contact us</a> if you are not sure why.') % [help_requesting_path]) %> </p> <% end %> 
@@ -80,11 +80,11 @@ <%= _('in term time') %> <% end %> <%= _('by') %> <strong><%= simple_date(@info_request.date_response_required_by) %></strong> - (<%= _('<a href="%s">details</a>') % [help_requesting_path + '#quickly_response'] %>) + (<%= raw(_('<a href="%s">details</a>') % [help_requesting_path + '#quickly_response']) %>) <% elsif @status == 'waiting_response_very_overdue' %> <%= _('Response to this request is <strong>long overdue</strong>.') %> <%= _('By law, under all circumstances, {{public_body_link}} should have responded by now',:public_body_link => public_body_link(@info_request.public_body)) %> - (<%= _('<a href="%s">details</a>') % [help_requesting_path + '#quickly_response'] %>). + (<%= raw(_('<a href="%s">details</a>') % [help_requesting_path + '#quickly_response']) %>). <% if !@info_request.is_external? %> <%= _('You can <strong>complain</strong> by') %> <%= link_to _("requesting an internal review"), show_response_no_followup_url(:id => @info_request.id, :incoming_message_id => nil) + "?internal_review=1#followup" %>. diff --git a/app/views/request/show_response.rhtml b/app/views/request/show_response.rhtml index c40b37c3b..ac1f04227 100644 --- a/app/views/request/show_response.rhtml +++ b/app/views/request/show_response.rhtml @@ -26,8 +26,8 @@ <%= _('The authority only has a <strong>paper copy</strong> of the information.') %> </dt> <dd> - <%= _('At the bottom of this page, write a reply to them trying to persuade them to scan it in - (<a href="%s">more details</a>).') % [help_privacy_path + '#postal_answer'] %> + <%= raw(_('At the bottom of this page, write a reply to them trying to persuade them to scan it in + (<a href="%s">more details</a>).') % [help_privacy_path + '#postal_answer']) %> </dd> <dt> diff --git a/app/views/track/_tracking_links.rhtml b/app/views/track/_tracking_links.rhtml index 3ba9d15e2..06e87ac74 100644 --- a/app/views/track/_tracking_links.rhtml +++ b/app/views/track/_tracking_links.rhtml 
@@ -21,7 +21,7 @@ </div> <div class="feed_link feed_link_<%=location%>"> - <%= link_to '<img src="/images/feed-16.png" alt="">', do_track_url(track_thing, 'feed') %> + <%= link_to '<img src="/images/feed-16.png" alt="">'.html_safe, do_track_url(track_thing, 'feed') %> <%= link_to (location == 'sidebar' ? _('RSS feed of updates') : _('RSS feed')), do_track_url(track_thing, 'feed') %> </div> <% end %> diff --git a/app/views/track_mailer/event_digest.rhtml b/app/views/track_mailer/event_digest.rhtml index 2c2e3c957..dc8132b99 100644 --- a/app/views/track_mailer/event_digest.rhtml +++ b/app/views/track_mailer/event_digest.rhtml @@ -57,7 +57,7 @@ main_text += "\n" end -%><%=main_text%><%= _("Alter your subscription")%> +%><%=raw main_text%><%= _("Alter your subscription")%> ======================= <% _("Please click on the link below to cancel or alter these emails.") %> diff --git a/app/views/user/_signup.rhtml b/app/views/user/_signup.rhtml index bb93b9617..913423ffa 100644 --- a/app/views/user/_signup.rhtml +++ b/app/views/user/_signup.rhtml @@ -10,8 +10,8 @@ <%= text_field 'user_signup', 'email', { :size => 20, :tabindex => 60 } %> </p> <div class="form_item_note"> - <%= _('We will not reveal your email address to anybody unless you or - the law tell us to (<a href="%s">details</a>). ') %[help_privacy_path] %> + <%= raw(_('We will not reveal your email address to anybody unless you or + the law tell us to (<a href="%s">details</a>). ') %[help_privacy_path]) %> </div> <p> 
@@ -19,11 +19,11 @@ <%= text_field 'user_signup', 'name', { :size => 20, :tabindex => 70 } %> </p> <div class="form_item_note"> - <%= _('Your <strong>name will appear publicly</strong> + <%= raw(_('Your <strong>name will appear publicly</strong> (<a href="%s">why?</a>) on this website and in search engines. If you are thinking of using a pseudonym, please - <a href="%s">read this first</a>.') % [help_privacy_path+"#public_request", help_privacy_path+"#real_name"] %> + <a href="%s">read this first</a>.') % [help_privacy_path+"#public_request", help_privacy_path+"#real_name"]) %> </div> <p> diff --git a/app/views/user/no_cookies.rhtml b/app/views/user/no_cookies.rhtml index b5c36b57e..c291367f2 100644 --- a/app/views/user/no_cookies.rhtml +++ b/app/views/user/no_cookies.rhtml @@ -12,11 +12,11 @@ browser. Then press refresh to have another go.')%></p> <p><%= _('If your browser is set to accept cookies and you are seeing this message, then there is probably a fault with our server.')%> -<%= _('Please <a href="%s">get in touch</a> with us so we can fix it.') % [help_contact_path] %> +<%= raw(_('Please <a href="%s">get in touch</a> with us so we can fix it.') % [help_contact_path]) %> <%= _('Let us know what you were doing when this message appeared and your browser and operating system type and version.')%></p> -<p><%= _('If you are still having trouble, please <a href="%s">contact us</a>.') % [help_contact_path] %> +<p><%= raw(_('If you are still having trouble, please <a href="%s">contact us</a>.') % [help_contact_path]) %> </p> diff --git a/app/views/user/show.rhtml b/app/views/user/show.rhtml index 12a9d3f74..31ea2a70b 100644 --- a/app/views/user/show.rhtml +++ b/app/views/user/show.rhtml 
@@ -97,7 +97,7 @@ <% if not @is_you %> <p id="user_not_logged_in"> - <%= _('<a href="%s">Sign in</a> to change password, subscriptions and more ({{user_name}} only)',:user_name=>h(@display_user.name)) % [signin_url(:r => request.request_uri)]%> + <%= raw(_('<a href="%s">Sign in</a> to change password, subscriptions and more ({{user_name}} only)',:user_name=>h(@display_user.name)) % [signin_url(:r => request.request_uri)]) %> </p> <% end %> </div> diff --git a/app/views/user/wrong_user_unknown_email.rhtml b/app/views/user/wrong_user_unknown_email.rhtml index 77a2ca001..c59c56941 100644 --- a/app/views/user/wrong_user_unknown_email.rhtml +++ b/app/views/user/wrong_user_unknown_email.rhtml @@ -1,8 +1,8 @@ <p id="sign_in_reason"> -<%= @reason_params[:web] %>. <%= _('Unfortunately we don\'t know the FOI +<%= @reason_params[:web] %>. <%= raw(_('Unfortunately we don\'t know the FOI email address for that authority, so we can\'t validate this. -Please <a href="%s">contact us</a> to sort it out.') % [help_contact_path] %> +Please <a href="%s">contact us</a> to sort it out.') % [help_contact_path]) %> </p> |
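Review bot: In the `user_not_logged_in` paragraph, `signin_url(:r => request.request_uri)` is built from the request URI and goes into the `href` under `raw` without `h()`, while `@display_user.name` on the same line is escaped explicitly. The URL helper presumably percent-encodes the `r` parameter, but that is URL encoding rather than HTML attribute escaping, and it is not visible in this hunk. Escaping the substituted value keeps the line safe either way: `% [h(signin_url(:r => request.request_uri))]`.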