class RuboCop::Cop::Rails::OutputSafety
This cop checks for the use of output safety calls like html_safe and
raw. Both mark a string as trusted HTML, so Rails does not escape it when
rendering; anything interpolated into such a string reaches the page
unescaped.
@example
# bad
"<p>#{text}</p>".html_safe
# good
content_tag(:p, text)
# bad
out = ""
out << content_tag(:li, "one")
out << content_tag(:li, "two")
out.html_safe
# good
out = []
out << content_tag(:li, "one")
out << content_tag(:li, "two")
safe_join(out)
# Tells whether a send node has the shape of `something.html_safe`:
# an explicit receiver, the method name `:html_safe`, and no arguments.
#
# @param node [#to_a] send node, destructured as receiver, method name
#   and arguments
# @return [Boolean, nil] the falsy receiver itself when there is none,
#   otherwise whether the call is an argument-less `html_safe`
def looks_like_rails_html_safe?(node)
  target, selector, *arguments = *node
  bare_html_safe = selector == :html_safe && arguments.empty?
  # A receiver-less `html_safe` is not treated as the String-marking call.
  target && bare_html_safe
end
# Tells whether a send node has the shape of the `raw(value)` helper call:
# no explicit receiver, the method name `:raw`, and a single argument.
#
# @param node [#to_a] send node, destructured as receiver, method name
#   and arguments
# @return [Boolean] true only for a receiver-less `raw` call for which
#   `one?` holds on the argument list
def looks_like_rails_raw?(node)
  target, selector, *arguments = *node
  # `obj.raw(x)` is some other method, not the view helper.
  return false unless target.nil?

  selector == :raw && arguments.one?
end
# Registers an offense for every send node that looks like `x.html_safe`
# or `raw(x)`, except nodes that belong to an ignored `safe_join` call.
#
# NOTE(review): a node whose method name is `:safe_join` is marked as
# ignored regardless of its receiver, and `part_of_ignored_node?`
# presumably also matches its descendants. If so, an `html_safe` or `raw`
# call nested in the arguments, e.g. `safe_join([value.html_safe])`, is
# never reported although that value still bypasses escaping. Confirm the
# exemption is meant to be this broad.
#
# @param node [#to_a] send node being visited
# @return [Object, nil] nil when the node is skipped, otherwise whatever
#   `add_offense` returns
def on_send(node)
  _target, selector, *_arguments = *node
  ignore_node(node) if selector == :safe_join

  return if part_of_ignored_node?(node)
  return unless looks_like_rails_html_safe?(node) || looks_like_rails_raw?(node)

  # :selector asks add_offense to report at the method-name location.
  add_offense(node, :selector)
end