Add new cop Gitlab/Rails/SafeFormat
What does this MR do and why?
Enforce `safe_format` for externalized strings with interpolations and `.html_safe`.
```ruby
# bad
_('string %{open}foo%{close}').html_safe % { open: '<b>'.html_safe, close: '</b>'.html_safe }
format(_('string %{open}foo%{close}').html_safe, open: '<b>'.html_safe, close: '</b>'.html_safe)

# good
safe_format(_('string %{open}foo%{close}'), tag_pair(tag.b, :open, :close))

# also good: no `html_safe`
format(_('string %{var} number'), var: var)
```
Contributes to #374091 (closed).
See https://docs.gitlab.com/ee/development/i18n/externalization.html#html
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Edited by Peter Leitzen
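Why the flagged pattern matters, as an added example that is not part of this MR or GitLab's code: calling `.html_safe` on the translated string trusts the whole translation, while the `safe_format` approach escapes the template and keeps only explicitly trusted arguments as HTML. `TrustedHtml` (a stand-in for Rails' safe buffer), both helper functions and the sample translation are hypothetical and constructed for illustration.

```ruby
require 'erb'

# Stand-in for ActiveSupport::SafeBuffer (assumption: no Rails available here).
# An instance means "this string is trusted HTML and must not be escaped again".
class TrustedHtml < String; end

def escape_unless_trusted(value)
  return value if value.is_a?(TrustedHtml)

  ERB::Util.html_escape(value.to_s)
end

# Hypothetical model of the pattern the cop flags: the translated template is
# marked trusted as a whole, so any markup inside it reaches the page verbatim.
def format_with_trusted_template(template, **args)
  escaped = args.transform_values { |v| escape_unless_trusted(v) }
  TrustedHtml.new(Kernel.format(template, escaped))
end

# Hypothetical model of the safe_format idea: the template is escaped too, and
# only arguments explicitly marked trusted (the tag pair) stay as HTML.
def safe_format_sketch(template, **args)
  escaped = args.transform_values { |v| escape_unless_trusted(v) }
  TrustedHtml.new(Kernel.format(escape_unless_trusted(template), escaped))
end

# Constructed sample: a translation that carries markup the developer never wrote.
TRANSLATION = 'string %{open}foo%{close} <u>injected</u>'
BOLD = { open: TrustedHtml.new('<b>'), close: TrustedHtml.new('</b>') }.freeze

puts format_with_trusted_template(TRANSLATION, **BOLD)
puts safe_format_sketch(TRANSLATION, **BOLD)
```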