Conversation
There was a problem hiding this comment.
The copy for was like Some sentence. %{cancel_link} so I figured might as well split this out into two separate i18n keys
* Makes sure they actually contain HTML changelog: Internal, Source code, Make HTML escaping in translations consistent
zachmargolis
force-pushed
the
margolis-lint-html-yml
branch
from
afe3876 to
dc13fd9
Compare
|
I think I got this working and cleaned up the whole codebase! PTAL! |
| <p><%= t('notices.forgot_password.no_email_sent_explanation_start') %> | ||
| <%= f.button :button, t('links.resend'), class: 'usa-button--unstyled margin-left-05' %></p> | ||
|
|
||
| <% link = link_to( |
There was a problem hiding this comment.
I chose to inline this assignment
|
|
||
| <%= render PageHeadingComponent.new.with_content(t('forms.verify_profile.welcome_back')) %> | ||
| <%= sanitize t('forms.verify_profile.welcome_back_description'), tags: %w[p strong] %> | ||
| <%= t('forms.verify_profile.welcome_back_description_html') %> |
There was a problem hiding this comment.
the _html does the same marking as HTML-safe that sanitize does basically
There was a problem hiding this comment.
I guess the sanitize would have been stricter about the allowed tags? But I don't think we worry about that with non-user-provided strings like this, or at least we don't elsewhere.
There was a problem hiding this comment.
Yeah with hard coded string I don't think we gain much benefit from sanitize
| <%= raw t( | ||
| '.help', disavowal_link: link_to( | ||
| <%= t( | ||
| '.help_html', disavowal_link_html: link_to( |
There was a problem hiding this comment.
ditto here, switching to an _html key is the same as raw
| <%= t('notices.signed_up_and_confirmed.no_email_sent_explanation_start') %> | ||
| <%= button_to(add_email_resend_path, method: :post, class: 'usa-button usa-button--unstyled', form_class: 'display-inline-block padding-left-1') { t('links.resend') } %> | ||
|
|
||
| <p><% link = link_to(t('notices.use_diff_email.link'), add_email_path) %></p> |
There was a problem hiding this comment.
this was an empty <p> tag because <% doesn't output anything, so I removed it when inlining the variable
| de sauvegarde en lieu sûr. Si vous perdez vos codes de sauvegarde, vous | ||
| ne pourrez plus vous connecter à %{app_name}. | ||
| new_backup_codes_html: J’ai besoin de nouveaux codes de sauvegarde | ||
| new_backup_codes_html: J’ai besoin de nouveaux codes de sauvegarde​ |
There was a problem hiding this comment.
ok so for this one, the English copy has to control word wrapping, but I didn't know the appropriate place to put one in the other languages, so I added ​ to the end because it should be invisible and not affect the wrapping
There was a problem hiding this comment.
it's also the specific string from #8708
There was a problem hiding this comment.
(Saw this comment after my previous remark)
| t( | ||
| "instructions.mfa.#{otp_delivery_preference}.number_message_html", | ||
| number: content_tag(:strong, phone_number), | ||
| number_html: content_tag(:strong, phone_number), |
There was a problem hiding this comment.
Just to clarify: Does the automated test catch that this should be _html-suffixed, or was it manual? Since the HTML only comes at the runtime code via content_tag
There was a problem hiding this comment.
Or I suppose you were able to work your way backward on the parent string (e.g. number_message_html) that was otherwise flagged for an unnecessary _html to see why it was in-fact necessary.
There was a problem hiding this comment.
Correct the parent tag had an un-necessary HTML without that
|
|
||
| <%= render PageHeadingComponent.new.with_content(t('forms.verify_profile.welcome_back')) %> | ||
| <%= sanitize t('forms.verify_profile.welcome_back_description'), tags: %w[p strong] %> | ||
| <%= t('forms.verify_profile.welcome_back_description_html') %> |
There was a problem hiding this comment.
I guess the sanitize would have been stricter about the allowed tags? But I don't think we worry about that with non-user-provided strings like this, or at least we don't elsewhere.
| respaldo. No podrá iniciar sesión en %{app_name} si pierde sus códigos | ||
| de respaldo. | ||
| new_backup_codes_html: Necesito nuevos códigos de respaldo | ||
| new_backup_codes_html: Necesito nuevos códigos de respaldo​ |
There was a problem hiding this comment.
Was the ​ added here to avoid having it be flagged?
I wonder if we should only check that at least one of the locales has HTML?
Alternatively, the idea with the in the English version is to keep "backup codes" together on the same line, and I suppose we could do something similar in other languages like códigos de respaldo
There was a problem hiding this comment.
If you think that's a better way to prevent wrapping, I'm all for it? I didn't have a sense of the font size/layout of this page
There was a problem hiding this comment.
What do you think about the idea of the new test only running over the en.yml file, or just checking that at least one of the locales has HTML? So that we don't need to change this file.
There was a problem hiding this comment.
I like the idea of checking that "at least one" has HTML... but the current structure of the assertions is each file independently, not grouped by locale. Let me noodle on that
There was a problem hiding this comment.
Gave it a shot in a300659, PTAL!
I futzed with it, so a failure where one string has HTML but none of them should looks like this now:
Failures:
1) I18n config/locales/two_factor_authentication has HTML inside at least one locale string for all keys with .html or _html
Failure/Error: expect(bad_keys).to be_empty
expected `{"two_factor_authentication.account_reset.cancel_link"=>{"en"=>"Cancel your request", "es"=>"Cancelar su solicitud <STRONG>", "fr"=>"Annuler votre demande"}}.empty?` to be truthy, got false
| de sauvegarde en lieu sûr. Si vous perdez vos codes de sauvegarde, vous | ||
| ne pourrez plus vous connecter à %{app_name}. | ||
| new_backup_codes_html: J’ai besoin de nouveaux codes de sauvegarde | ||
| new_backup_codes_html: J’ai besoin de nouveaux codes de sauvegarde​ |
There was a problem hiding this comment.
(Saw this comment after my previous remark)
| t('instructions.mfa.piv_cac.no_certificate_html', try_again_html: try_again_link) | ||
| when 'certificate.not_auth_cert' | ||
| t('instructions.mfa.piv_cac.not_auth_cert_html', please_try_again: please_try_again_link) | ||
| t('instructions.mfa.piv_cac.not_auth_cert_html', please_try_again_html: please_try_again_link) |
There was a problem hiding this comment.
[question, nonblocking] why are we sometimes saying please and sometimes not?
There was a problem hiding this comment.
Are you asking about the specific copy? I'm not sure. Might be personal differences in how different engineers turn strings into keys
string needs the _html
3 participants
Follow-up to #8708 (comment)
I am trying to see what it would take to enforce:
_htmlsuffix_htmlsuffix actually contain HTML that needs escaping