Tags: ruby-on-rails, ruby, rubocop

Why does Rubocop not allow html_safe or raw() in Rails?


Here is my code, which does not pass Rubocop because of:

Rails/OutputSafety: Tagging a string as html safe may be a security risk.

def number_with_html_delimiter(num)
  # gsub (not gsub!) so a number with no delimiter still returns a string
  # instead of nil; the whole result is then marked html_safe.
  number_with_delimiter(num)
    .gsub(' ', content_tag(:span, "", class: "numbers-delimiter")).html_safe
end

I need to put a custom span with some CSS to put the spaces in HTML, and when I remove html_safe it does not work.

Please help, thanks in advance


Solution

  • html_safe and raw() are not safe for security purposes. You can disable Rubocop for html_safe (or raw) by using # rubocop:disable Rails/OutputSafety and # rubocop:enable Rails/OutputSafety before and after the code where you have used the html_safe (or raw) method.

    # rubocop:disable Rails/OutputSafety
    def number_with_html_delimiter(num)
      # gsub rather than gsub!, which returns nil when nothing is replaced
      number_with_delimiter(num)
        .gsub(' ', content_tag(:span, "", class: "numbers-delimiter")).html_safe
    end
    # rubocop:enable Rails/OutputSafety
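The cop fires because html_safe marks the whole gsub result, including whatever came from num, as trusted markup. The helper below is an added example, not code from the question or the answer: it rebuilds the same output from escaped pieces joined by a literal span, so nothing derived from the input is ever marked safe, and it puts the question's pattern beside it for comparison. It assumes no Rails is loaded, so ERB::Util.html_escape from the Ruby standard library stands in for Rails' escaping (in a Rails view you would use safe_join and content_tag the same way), and the digit-grouping regex is modelled on the one Rails' number_with_delimiter uses.

```ruby
require "erb"

module SafeDelimiter
  module_function

  # The only HTML we ever emit is this literal we wrote ourselves.
  SPAN = '<span class="numbers-delimiter"></span>'

  # Split at every position that precedes a complete group of three digits,
  # e.g. "1234567" -> ["1", "234", "567"], without touching non-digit text.
  def groups(num)
    num.to_s.split(/(?<=\d)(?=(?:\d{3})+(?!\d))/)
  end

  # Hardened form: escape each input-derived piece, then join with the span.
  # No html_safe is needed because the joined string contains only escaped
  # input and our own trusted markup.
  def number_with_html_delimiter(num)
    groups(num).map { |g| ERB::Util.html_escape(g) }.join(SPAN)
  end

  # The question's approach: delimit, swap the delimiter for a span, then
  # mark the entire string as safe. Rails' html_safe would emit it verbatim;
  # here it is simply returned unescaped, which has the same effect.
  def unsafe_number_with_html_delimiter(num)
    delimited = num.to_s.gsub(/(\d)(?=(?:\d{3})+(?!\d))/, '\1 ')
    delimited.gsub(" ", SPAN)
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample: an integer and a value carrying markup.
  [1234567, "<b>1234</b>"].each do |v|
    puts "safe:   #{SafeDelimiter.number_with_html_delimiter(v)}"
    puts "unsafe: #{SafeDelimiter.unsafe_number_with_html_delimiter(v)}"
  end
end
```

For a plain integer both helpers produce identical markup; for the tainted value the hardened helper renders the tags as text while the html_safe-style helper passes them through.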