Refactor appeal partial to avoid brakeman XSS warning (#25880)

2023-10-19 11:25:54 -04:00 · 2023-10-19 11:25:54 -04:00 · 9f218c9924
commit 9f218c9924
parent bcd0171e5e
5 changed files with 47 additions and 36 deletions
--- a/app/helpers/admin/disputes_helper.rb
+++ b/app/helpers/admin/disputes_helper.rb
@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+module Admin
+  module DisputesHelper
+    def strike_action_label(appeal)
+      t(key_for_action(appeal),
+        scope: 'admin.strikes.actions',
+        name: content_tag(:span, appeal.strike.account.username, class: 'username'),
+        target: content_tag(:span, appeal.account.username, class: 'target'))
+        .html_safe
+    end
+
+    private
+
+    def key_for_action(appeal)
+      AccountWarning.actions.slice(appeal.strike.action).keys.first
+    end
+  end
+end
--- a/app/views/admin/disputes/appeals/_appeal.html.haml
+++ b/app/views/admin/disputes/appeals/_appeal.html.haml
@ -4,7 +4,7 @@
      = image_tag appeal.account.avatar.url(:original), alt: '', width: 40, height: 40, class: 'avatar'
    .log-entry__content
      .log-entry__title
-        = t(appeal.strike.action, scope: 'admin.strikes.actions', name: content_tag(:span, appeal.strike.account.username, class: 'username'), target: content_tag(:span, appeal.account.username, class: 'target')).html_safe
+        = strike_action_label(appeal)
      .log-entry__timestamp
        %time.formatted{ datetime: appeal.strike.created_at.iso8601 }
          = l(appeal.strike.created_at)