Backport 'Standardize the way resources are being listed ...' to v0.27

decidim-accountability/app/cells/decidim/accountability/highlighted_results_for_component/show.erb

@@ -1,6 +1,6 @@
 <section class="section row collapse highlighted_results">
   <h3 class="section-heading">
-    <%= translated_attribute(model.name) %> <a href="<%= main_component_path(model) %>" class="text-small"><%= t("decidim.participatory_spaces.highlighted_results.see_all", count: results_count) %></a>
+    <%= decidim_escape_translated(model.name) %> <a href="<%= main_component_path(model) %>" class="text-small"><%= t("decidim.participatory_spaces.highlighted_results.see_all", count: results_count) %></a>
   </h3>
 
   <div class="row">

decidim-admin/app/events/decidim/component_published_event.rb

@@ -2,5 +2,16 @@
 
 module Decidim
   class ComponentPublishedEvent < Decidim::Events::SimpleEvent
+    # Public: The Hash of options to pass to the I18.t method.
+    def i18n_options
+      default_i18n_options.merge(event_interpolations)
+    end
+
+    def resource_title
+      return unless resource
+
+      title = decidim_sanitize_translated(resource.name)
+      Decidim::ContentProcessor.render_without_format(title, links: false).html_safe
+    end
   end
 end

decidim-admin/app/helpers/decidim/admin/admin_terms_helper.rb

@@ -5,7 +5,7 @@ module Admin
     # This module includes helpers to show Admin Terms of Use
     module AdminTermsHelper
       def admin_terms_of_use_body
-        current_organization.admin_terms_of_use_body.symbolize_keys[I18n.locale].html_safe
+        decidim_sanitize_admin(translated_attribute(current_organization.admin_terms_of_use_body)).html_safe
       end
 
       def announcement_body

decidim-admin/spec/events/decidim/component_published_event_spec.rb

@@ -11,10 +11,11 @@
   let(:resource) { create(:component) }
   let(:participatory_space) { resource.participatory_space }
   let(:resource_path) { main_component_path(resource) }
-  let(:email_subject) { "An update to #{participatory_space.title["en"]}" }
-  let(:email_intro) { "The #{resource.name["en"]} component is now active for #{participatory_space.title["en"]}. You can see it from this page:" }
-  let(:email_outro) { "You have received this notification because you are following #{participatory_space.title["en"]}. You can stop receiving notifications following the previous link." }
-  let(:notification_title) { "The #{resource.name["en"]} component is now active for <a href=\"#{resource_path}\">#{participatory_space.title["en"]}</a>" }
+  let(:email_subject) { "An update to #{participatory_space_title}" }
+  let(:resource_title) { decidim_sanitize_translated(resource.name) }
+  let(:email_intro) { "The #{resource_title} component is now active for #{participatory_space_title}. You can see it from this page:" }
+  let(:email_outro) { "You have received this notification because you are following #{participatory_space_title}. You can stop receiving notifications following the previous link." }
+  let(:notification_title) { "The #{resource_title} component is now active for <a href=\"#{resource_path}\">#{participatory_space_title}</a>" }
 
   it_behaves_like "a simple event"
   it_behaves_like "a simple event email"

decidim-assemblies/lib/decidim/assemblies/admin_engine.rb

@@ -128,7 +128,7 @@ class AdminEngine < ::Rails::Engine
       initializer "decidim_assemblies.admin_assemblies_components_menu" do
         Decidim.menu :admin_assemblies_components_menu do |menu|
           current_participatory_space.components.each do |component|
-            caption = translated_attribute(component.name)
+            caption = decidim_escape_translated(component.name)
             if component.primary_stat.present?
               caption += content_tag(:span, component.primary_stat, class: component.primary_stat.zero? ? "component-counter component-counter--off" : "component-counter")
             end

decidim-assemblies/lib/decidim/assemblies/test/factories.rb

@@ -19,6 +19,9 @@
   end
 
   factory :assembly, class: "Decidim::Assembly" do
+    transient do
+      skip_injection { false }
+    end
     title { generate_localized_title }
     slug { generate(:assembly_slug) }
     subtitle { generate_localized_title }

decidim-budgets/spec/mailers/decidim/budgets/order_summary_mailer_spec.rb

@@ -23,16 +23,16 @@ module Decidim::Budgets
         end
 
         it "includes the budget title" do
-          expect(mail.body.encoded).to include(translated(budget.title))
+          expect(mail.body.encoded).to include(decidim_escape_translated(budget.title))
         end
 
         it "includes the participatory space title" do
-          expect(mail.body).to include(translated(space.title))
+          expect(mail.body).to include(decidim_escape_translated(space.title))
         end
 
         it "includes the projects names" do
           order.projects.each do |project|
-            expect(mail.body).to include(translated(project.title))
+            expect(mail.body).to include(decidim_escape_translated(project.title))
           end
         end
       end
@@ -51,7 +51,7 @@ module Decidim::Budgets
 
         it "includes the scope name and scope type name" do
           expect(mail.body.encoded).to include(translated(scope.name))
-          expect(mail.body.encoded).to include(translated(scope.scope_type.name))
+          expect(mail.body.encoded).to include(decidim_escape_translated(scope.scope_type.name))
         end
       end
     end

decidim-conferences/app/cells/decidim/conferences/photo_cell.rb

@@ -26,7 +26,7 @@ def image_big
       end
 
       def title
-        translated_attribute model.title
+        decidim_escape_translated model.title
       end
 
       def short_description

decidim-conferences/lib/decidim/conferences/admin_engine.rb

@@ -91,7 +91,7 @@ class AdminEngine < ::Rails::Engine
       initializer "decidim_conferences.admin_conferences_components_menu" do
         Decidim.menu :admin_conferences_components_menu do |menu|
           current_participatory_space.components.each do |component|
-            caption = translated_attribute(component.name)
+            caption = decidim_escape_translated(component.name)
             if component.primary_stat.present?
               caption += content_tag(:span, component.primary_stat, class: component.primary_stat.zero? ? "component-counter component-counter--off" : "component-counter")
             end

decidim-conferences/spec/system/media_spec.rb

@@ -48,7 +48,7 @@ def visit_conference
     it "shows them" do
       within "div.wrapper .conference-media" do
         expect(page).to have_content("MEDIA AND LINKS")
-        expect(page).to have_content(/#{translated(media_link.title, locale: :en)}/i)
+        expect(page).to have_content(translated(media_link.title))
         expect(page).to have_css(".media-links a")
       end
     end
@@ -65,7 +65,7 @@ def visit_conference
 
     it "shows them" do
       within "div.wrapper .documents" do
-        expect(page).to have_content(/#{translated(document.title, locale: :en)}/i)
+        expect(page).to have_content(translated(document.title))
       end
 
       within "div.wrapper .images" do
@@ -86,7 +86,7 @@ def visit_conference
 
     it "shows them ordered" do
       within "div.wrapper .documents" do
-        expect(translated(first_document.title, locale: :en)).to appear_before(translated(last_document.title, locale: :en))
+        expect(decidim_escape_translated(first_document.title).gsub(""", "\"")).to appear_before(decidim_escape_translated(last_document.title).gsub(""", "\""))
       end
 
       within "div.wrapper .images" do

decidim-consultations/lib/decidim/consultations/admin_engine.rb

@@ -157,7 +157,7 @@ class AdminEngine < ::Rails::Engine
       initializer "decidim_consultations.admin_consultation_components_menu" do
         Decidim.menu :admin_consultation_components_menu do |menu|
           current_participatory_space.components.each do |component|
-            caption = translated_attribute(component.name)
+            caption = decidim_escape_translated(component.name)
             if component.primary_stat.present?
               caption += content_tag(:span, component.primary_stat, class: component.primary_stat.zero? ? "component-counter component-counter--off" : "component-counter")
             end

decidim-core/app/cells/decidim/scopes_picker/scope_picker_values.erb

@@ -1,5 +1,5 @@
 <div class="picker-values">
   <%- scopes.each do |scope, params| %>
-    <div><%= link_to params[:text], params[:url], data: { picker_value: scope.id } %></div>
+    <div><%= link_to decidim_html_escape(params[:text]), params[:url], data: { picker_value: scope.id } %></div>
   <% end %>
 </div>

decidim-core/app/helpers/decidim/sanitize_helper.rb

@@ -6,6 +6,7 @@ module SanitizeHelper
     def self.included(base)
       base.include ActionView::Helpers::SanitizeHelper
       base.include ActionView::Helpers::TagHelper
+      base.include Decidim::TranslatableAttributes
     end
 
     # Public: It sanitizes a user-inputted string with the
@@ -53,6 +54,14 @@ def decidim_url_escape(text)
       decidim_html_escape(text).sub(/^javascript:/, "")
     end
 
+    def decidim_sanitize_translated(text)
+      decidim_sanitize(translated_attribute(text))
+    end
+
+    def decidim_escape_translated(text)
+      decidim_html_escape(translated_attribute(text))
+    end
+
     private
 
     # Maintains the paragraphs and lists separations with their bullet points and