Flippy component: mark all notes HTML-safe
As the content of this component is completely static and authored by us, there are no security implications to doing this by default.
This prevents forgetting to mark something HTML-safe and having the formatting break.
benilovj committed Oct 15, 2024
1 parent 89686e9 commit e2db33b
Showing 2 changed files with 18 additions and 24 deletions.
Expand Up @@ -16,7 +16,7 @@
tag.code(column[:name])
end
row.with_cell do
column[:notes]
column[:notes].html_safe
end
end
end
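Review bot: Calling `.html_safe` on `column[:notes]` at the render site switches off Rails' auto-escaping for every notes value, so the safety of this cell now depends on each column definition being built only from literals and tag helpers, and nothing at this line records that contract. A comment above it would help, for example `# notes are trusted markup built in the component; escape any dynamic value there before interpolating`. The call also raises `NoMethodError` if a column ever has no `:notes` key, where the old line rendered nothing; `column[:notes].to_s.html_safe` would tolerate that. The enclosing block starts and ends outside the hunk, and the file header for this section is not shown on the page.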
40 changes: 17 additions & 23 deletions app/components/app_import_format_details_component.rb
Expand Up @@ -55,7 +55,7 @@ def class_import_columns
{
name: "CHILD_POSTCODE",
notes:
"#{tag.strong("Required")}, must be formatted as a valid postcode.".html_safe
"#{tag.strong("Required")}, must be formatted as a valid postcode."
}
] + parent_columns
end
Expand All @@ -80,7 +80,7 @@ def cohort_import_columns
name: "CHILD_GENDER",
notes:
"Optional, must be one of: #{tag.i("Male")}, #{tag.i("Female")}, " \
"#{tag.i("Not known")} or #{tag.i("Not specified")}".html_safe
"#{tag.i("Not known")} or #{tag.i("Not specified")}"
},
{ name: "CHILD_ADDRESS_LINE_1", notes: "Optional" },
{ name: "CHILD_ADDRESS_LINE_2", notes: "Optional" },
Expand All @@ -99,19 +99,18 @@ def immunisation_import_columns
name: "ORGANISATION_CODE",
notes:
"#{tag.strong("Required")}, must be a valid " \
"#{govuk_link_to("ODS code", "https://odsportal.digital.nhs.uk/")}".html_safe
"#{govuk_link_to("ODS code", "https://odsportal.digital.nhs.uk/")}"
},
{
name: "SCHOOL_URN",
notes:
"#{tag.strong("Required")}, must be 6 digits and numeric. " \
"Use #{tag.i("888888")} for school unknown and #{tag.i("999999")} " \
"for homeschooled.".html_safe
"for homeschooled."
},
{
name: "SCHOOL_NAME",
notes:
"Required if #{tag.i("SCHOOL_URN")} is #{tag.i("888888")}".html_safe
notes: "Required if #{tag.i("SCHOOL_URN")} is #{tag.i("888888")}"
},
{ name: "NHS_NUMBER", notes: "Optional, must be 10 digits and numeric" },
{ name: "PERSON_FORENAME", notes: tag.strong("Required") },
Expand All @@ -121,22 +120,21 @@ def immunisation_import_columns
name: "PERSON_GENDER_CODE",
notes:
"#{tag.strong("Required")}, must be #{tag.i("Not known")}, " \
"#{tag.i("Male")}, #{tag.i("Female")}, #{tag.i("Not specified")}".html_safe
"#{tag.i("Male")}, #{tag.i("Female")}, #{tag.i("Not specified")}"
},
{
name: "PERSON_POSTCODE",
notes:
"#{tag.strong("Required")}, must be formatted as a valid postcode".html_safe
"#{tag.strong("Required")}, must be formatted as a valid postcode"
},
{
name: "DATE_OF_VACCINATION",
notes:
"#{tag.strong("Required")}, must use #{tag.i("YYYYMMDD")} format".html_safe
notes: "#{tag.strong("Required")}, must use #{tag.i("YYYYMMDD")} format"
},
{
name: "VACCINE_GIVEN",
notes:
"#{tag.strong("Required")}, must be ".html_safe +
"#{tag.strong("Required")}, must be " +
@programme
.vaccines
.pluck(:nivs_name)
Expand All @@ -145,21 +143,19 @@ def immunisation_import_columns
last_word_connector: ", or ",
two_words_connector: " or "
)
.html_safe
},
{ name: "BATCH_NUMBER", notes: tag.strong("Required") },
{
name: "BATCH_EXPIRY_DATE",
notes:
"#{tag.strong("Required")}, must use #{tag.i("YYYYMMDD")} format".html_safe
notes: "#{tag.strong("Required")}, must use #{tag.i("YYYYMMDD")} format"
},
{
name: "ANATOMICAL_SITE",
notes:
"#{tag.strong("Required")}, must be #{tag.i("Left Buttock")}, " \
"#{tag.i("Right Buttock")}, #{tag.i("Left Thigh")}, " \
"#{tag.i("Right Thigh")}, #{tag.i("Left Upper Arm")}, " \
"#{tag.i("Right Upper Arm")} or #{tag.i("Nasal")}".html_safe
"#{tag.i("Right Upper Arm")} or #{tag.i("Nasal")}"
}
] + dose_sequence + vaccinated + care_setting + performing_professional
end
Expand All @@ -172,7 +168,7 @@ def parent_columns
name: "#{prefix}_RELATIONSHIP",
notes:
"Optional, must be one of: #{tag.i("Mum")}, #{tag.i("Dad")} or " \
"#{tag.i("Guardian")}".html_safe
"#{tag.i("Guardian")}"
},
{
name: "#{prefix}_EMAIL",
Expand All @@ -194,7 +190,7 @@ def dose_sequence
name: "DOSE_SEQUENCE",
notes:
"#{tag.strong("Required")}, must be #{tag.i("1")}, #{tag.i("2")} or " \
"#{tag.i("3")}".html_safe
"#{tag.i("3")}"
}
]
end
Expand All @@ -206,7 +202,7 @@ def care_setting
name: "CARE_SETTING",
notes:
"Required if #{tag.code("VACCINATED")} is #{tag.i("Y")}. Must be " \
"#{tag.i("1")} (school) or #{tag.i("2")} (care setting)".html_safe
"#{tag.i("1")} (school) or #{tag.i("2")} (care setting)"
}
]
end
Expand All @@ -217,7 +213,7 @@ def vaccinated
name: "VACCINATED",
notes:
"Optional, must be #{tag.i("Y")} or #{tag.i("N")}. If omitted, " \
"#{tag.i("Y")} is assumed.".html_safe
"#{tag.i("Y")} is assumed."
}
]
end
Expand All @@ -226,13 +222,11 @@ def performing_professional
[
{
name: "PERFORMING_PROFESSIONAL_FORENAME",
notes:
"Required if #{tag.code("VACCINATED")} is #{tag.i("Y")}".html_safe
notes: "Required if #{tag.code("VACCINATED")} is #{tag.i("Y")}"
},
{
name: "PERFORMING_PROFESSIONAL_SURNAME",
notes:
"Required if #{tag.code("VACCINATED")} is #{tag.i("Y")}".html_safe
notes: "Required if #{tag.code("VACCINATED")} is #{tag.i("Y")}"
}
]
end
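Review bot: The `VACCINE_GIVEN` entry in `immunisation_import_columns` is not static: its notes are built from `@programme.vaccines.pluck(:nivs_name)`, which appears to be database-sourced, so the commit message's "completely static" premise does not hold for this one column. With the `.html_safe` calls removed here the result is a plain string that the render site now marks safe as a whole, so those names reach the page unescaped unless they are escaped before being joined. The lines between `.pluck(:nivs_name)` and `last_word_connector:` are collapsed on this page; if they already wrap each name in a tag helper such as `tag.i(name)` the value is escaped, otherwise add `.map { |name| ERB::Util.html_escape(name) }` ahead of the join. A short comment on that entry saying that `nivs_name` is escaped before joining would keep the invariant visible to the next editor.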