Ensure that rendered views have no HTML escaped tags
What does this MR do and why?
This MR adds a shared context which ensures in each view spec example that `rendered` does not contain any HTML escapes.
This shared context is run for every view spec (via RSpec's `type: :view` metadata).
This is to catch cases where we forget to use `.html_safe`.
This check can be disabled via `:skip_html_escaped_tags_check` in cases where it is explicitly tested whether HTML tags are escaped.
Example failure message
Failures:
1) notify/approved_merge_request_email.html.haml contains approval information
Failure/Error:
raise <<~MESSAGE
The following string contains HTML escaped tags:
#{string}
Please consider using `.html_safe`.
This check can be disabled via:
it #{example.description.inspect}, match_html_escaped_tags: false do
RuntimeError:
The following string contains HTML escaped tags:
yle="height:18px;width:18px;margin-bottom:-4px;">
«<span» style="font-weight: 600;color:#333333;"
Please consider using `.html_safe`.
This check can be disabled via:
it "contains approval information", :skip_html_escaped_tags_check do
...
end
Out of scope
This MR does not verify the rendered email content contains escaped HTML tags. However, some mailers use views to render emails.
Verify locally
- Revert !96548 (merged) via `git revert -m 1 8fba8900`
- Run specs via `bin/rspec spec/views/notify/approved_merge_request_email.html.haml_spec.rb`
- See failure from above
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Edited by Peter Leitzen
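
The kind of check the description above refers to, as an added example in plain Ruby (not the MR's code and not GitLab's implementation). The module name, regex, context width and sample strings are assumptions; the `skip:` argument stands in for the `:skip_html_escaped_tags_check` metadata.

```ruby
# Added illustration of an escaped-tag check; not GitLab's implementation.
module EscapedTagCheck
  # "&lt;" followed by an optional "/" and a tag name, e.g. "&lt;span" or "&lt;/a".
  # A bare "&lt;" (as in "1 &lt; 2") is legitimate escaped text and is ignored.
  ESCAPED_TAG = %r{&lt;/?[a-zA-Z][a-zA-Z0-9-]*}
  CONTEXT = 30 # characters of surrounding markup shown per finding (assumed value)

  Finding = Struct.new(:tag, :excerpt)

  # Returns one Finding per escaped tag, with the match marked by « ».
  def self.findings(rendered)
    found = []
    rendered.scan(ESCAPED_TAG) do
      m = Regexp.last_match
      from = [m.begin(0) - CONTEXT, 0].max
      before = rendered[from...m.begin(0)]
      after = rendered[m.end(0), CONTEXT]
      found << Finding.new(m[0], "#{before}«#{m[0]}»#{after}")
    end
    found
  end

  # skip: plays the role of the :skip_html_escaped_tags_check metadata.
  def self.verify!(rendered, skip: false)
    return true if skip
    hits = findings(rendered)
    return true if hits.empty?
    raise "The following string contains HTML escaped tags:\n" +
          hits.map(&:excerpt).join("\n") + "\nPlease consider using `.html_safe`."
  end
end

# Constructed sample view output: correctly rendered markup and double-escaped markup.
GOOD = '<p><span style="font-weight: 600;">Alice</span> approved</p>'
BAD = '<p>&lt;span style=&quot;font-weight: 600;&quot;&gt;Alice&lt;/span&gt; approved</p>'

if __FILE__ == $PROGRAM_NAME
  puts EscapedTagCheck.findings(BAD).map(&:excerpt)
end
```

`html_safe` only marks a string as trusted and performs no sanitisation, so when a check like this fails, only developer-authored markup should be marked safe and any interpolated user input should stay escaped.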