Refactor Alert partial to ViewComponent

[aduth]

Why: Consistency, for all the benefits of using ViewComponent in the first place, and to avoid further entrenching ourselves into the partial with ongoing work including alerts (e.g. vendor outages handling).

Easier review with whitespace hidden: ?w=1

[zachmargolis]

LGTM!

[aduth]

message.html_safe :[ :[ is that because the message gets serialized into the flash and loses its notion of HTML safeness?

It existed previously, but yeah, I don't love it either. I don't recall off the top of my head what it's needed for, but I'll dig a bit to see if we need it or could remove it.

[aduth]

message.html_safe :[ :[ is that because the message gets serialized into the flash and loses its notion of HTML safeness?

So, we do still need it in some circumstances, such as the IAL2 "review" screen:

identity-idp/app/controllers/idv/review_controller.rb

Line 40 in fdfb916

flash_now[:success] = flash_message_content

I think the reason is related to the caveat mentioned in the Rails i18n documentation:

Automatic conversion to HTML safe translate text is only available from the translate view helper method.

Because the translation is happening in the controller, I suppose it's not automatically marked as safe.

That being said, it seems like the sort of thing we ought to opt-in to, by explicitly calling .html_safe on the translation result.

They're a bit tricky to track down, though. I tried doing some regex searches like flash(_now)?\[(.|\n)+?_html, or looking for HTML in notices/en.yml and errors/en.yml, but that doesn't seem particularly exhaustive. Aside from trusting our tests, do you have any other ideas for how we might track these down?

[zachmargolis]

They're a bit tricky to track down, though. I tried doing some regex searches like flash(_now)?\[(.|\n)+?_html, or looking for HTML in notices/en.yml and errors/en.yml, but that doesn't seem particularly exhaustive. Aside from trusting our tests, do you have any other ideas for how we might track these down?

We could add a wrapper around flash assignment that checks for < inside of the strings we set in the flash and log a message with the source line, and deploy it for a week or two and see what turns up?

But either way, like you said it was already there and I think the html_safe might be worth filing a followup ticket for

[zachmargolis]

admin merging to get around codeclimate issue