Here is my code, which does not pass RuboCop because:
Rails/OutputSafety: Tagging a string as html safe may be a security risk.
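    def number_with_html_delimiter(num)
      # gsub rather than gsub!: gsub! returns nil when nothing is replaced,
      # so a number with no delimiter would raise NoMethodError on html_safe.
      number_with_delimiter(num)
        .gsub(' ', content_tag(:span, "", class: "numbers-delimiter")).html_safe
    end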
I need to put a custom span with some CSS to put the spaces in HTML, and when I remove html_safe it does not work.
Please help, thanks in advance.
html_safe and raw() are not safe for security purposes. You can disable RuboCop for html_safe (or raw) by using # rubocop:disable Rails/OutputSafety and # rubocop:enable Rails/OutputSafety before and after the code where you have used the html_safe (or raw) method.
    # rubocop:disable Rails/OutputSafety
    def number_with_html_delimiter(num)
      # gsub rather than gsub!: gsub! returns nil when nothing is replaced.
      number_with_delimiter(num)
        .gsub(' ', content_tag(:span, "", class: "numbers-delimiter")).html_safe
    end
    # rubocop:enable Rails/OutputSafety