app/helpers/asserted_distributions_helper.rb from SpeciesFileGroup/taxonworks

Tagging a string as html safe may be a security risk.
Open

    ].join('&nbsp;').html_safe

Found in app/helpers/asserted_distributions_helper.rb by rubocop

Read up
Read up
Exclude checks
- Disable engine
- Disable check

This cop checks for the use of output safety calls like html_safe, raw, and safe_concat. These methods do not escape content. They simply return a SafeBuffer containing the content as is. Instead, use safe_join to join content and escape it and concat to concatenate content and escape it, ensuring its safety.

Example:

user_content = "hi"

# bad
"#{user_content}".html_safe
# => ActiveSupport::SafeBuffer "hi"

# good
content_tag(:p, user_content)
# => ActiveSupport::SafeBuffer "<b>hi</b>"

# bad
out = ""
out << "#{user_content}"
out << "#{user_content}"
out.html_safe
# => ActiveSupport::SafeBuffer "hi
hi"

# good
out = []
out << content_tag(:li, user_content)
out << content_tag(:li, user_content)
safe_join(out)
# => ActiveSupport::SafeBuffer
#    "<b>hi</b>
<b>hi</b>"

# bad
out = "trusted content".html_safe
out.safe_concat(user_content)
# => ActiveSupport::SafeBuffer "trusted_content
hi"

# good
out = "trusted content".html_safe
out.concat(user_content)
# => ActiveSupport::SafeBuffer
#    "trusted_content<b>hi</b>"

# safe, though maybe not good style
out = "trusted content"
result = out.concat(user_content)
# => String "trusted contenthi"
# because when rendered in ERB the String will be escaped:
# <%= result %>
# => trusted content<b>hi</b>

# bad
(user_content + " " + content_tag(:span, user_content)).html_safe
# => ActiveSupport::SafeBuffer "hi <span><b>hi</b></span>"

# good
safe_join([user_content, " ", content_tag(:span, user_content)])
# => ActiveSupport::SafeBuffer
#    "<b>hi</b> <span>&lt;b&gt;hi&lt;/b&gt;</span>"

Tagging a string as html safe may be a security risk.
Open

      (asserted_distribution.is_absent ? tag.span(' not in ', class: [:feedback, 'feedback-thin', 'feedback-warning']).html_safe : ' in ').html_safe,

Found in app/helpers/asserted_distributions_helper.rb by rubocop

Read up
Read up
Exclude checks
- Disable engine
- Disable check

This cop checks for the use of output safety calls like html_safe, raw, and safe_concat. These methods do not escape content. They simply return a SafeBuffer containing the content as is. Instead, use safe_join to join content and escape it and concat to concatenate content and escape it, ensuring its safety.

Example:

user_content = "hi"

# bad
"#{user_content}".html_safe
# => ActiveSupport::SafeBuffer "hi"

# good
content_tag(:p, user_content)
# => ActiveSupport::SafeBuffer "<b>hi</b>"

# bad
out = ""
out << "#{user_content}"
out << "#{user_content}"
out.html_safe
# => ActiveSupport::SafeBuffer "hi
hi"

# good
out = []
out << content_tag(:li, user_content)
out << content_tag(:li, user_content)
safe_join(out)
# => ActiveSupport::SafeBuffer
#    "<b>hi</b>
<b>hi</b>"

# bad
out = "trusted content".html_safe
out.safe_concat(user_content)
# => ActiveSupport::SafeBuffer "trusted_content
hi"

# good
out = "trusted content".html_safe
out.concat(user_content)
# => ActiveSupport::SafeBuffer
#    "trusted_content<b>hi</b>"

# safe, though maybe not good style
out = "trusted content"
result = out.concat(user_content)
# => String "trusted contenthi"
# because when rendered in ERB the String will be escaped:
# <%= result %>
# => trusted content<b>hi</b>

# bad
(user_content + " " + content_tag(:span, user_content)).html_safe
# => ActiveSupport::SafeBuffer "hi <span><b>hi</b></span>"

# good
safe_join([user_content, " ", content_tag(:span, user_content)])
# => ActiveSupport::SafeBuffer
#    "<b>hi</b> <span>&lt;b&gt;hi&lt;/b&gt;</span>"

Tagging a string as html safe may be a security risk.
Open

      (asserted_distribution.is_absent ? tag.span(' not in ', class: [:feedback, 'feedback-thin', 'feedback-warning']).html_safe : ' in ').html_safe,

Found in app/helpers/asserted_distributions_helper.rb by rubocop

Read up
Read up
Exclude checks
- Disable engine
- Disable check

This cop checks for the use of output safety calls like html_safe, raw, and safe_concat. These methods do not escape content. They simply return a SafeBuffer containing the content as is. Instead, use safe_join to join content and escape it and concat to concatenate content and escape it, ensuring its safety.

Example:

user_content = "hi"

# bad
"#{user_content}".html_safe
# => ActiveSupport::SafeBuffer "hi"

# good
content_tag(:p, user_content)
# => ActiveSupport::SafeBuffer "<b>hi</b>"

# bad
out = ""
out << "#{user_content}"
out << "#{user_content}"
out.html_safe
# => ActiveSupport::SafeBuffer "hi
hi"

# good
out = []
out << content_tag(:li, user_content)
out << content_tag(:li, user_content)
safe_join(out)
# => ActiveSupport::SafeBuffer
#    "<b>hi</b>
<b>hi</b>"

# bad
out = "trusted content".html_safe
out.safe_concat(user_content)
# => ActiveSupport::SafeBuffer "trusted_content
hi"

# good
out = "trusted content".html_safe
out.concat(user_content)
# => ActiveSupport::SafeBuffer
#    "trusted_content<b>hi</b>"

# safe, though maybe not good style
out = "trusted content"
result = out.concat(user_content)
# => String "trusted contenthi"
# because when rendered in ERB the String will be escaped:
# <%= result %>
# => trusted content<b>hi</b>

# bad
(user_content + " " + content_tag(:span, user_content)).html_safe
# => ActiveSupport::SafeBuffer "hi <span><b>hi</b></span>"

# good
safe_join([user_content, " ", content_tag(:span, user_content)])
# => ActiveSupport::SafeBuffer
#    "<b>hi</b> <span>&lt;b&gt;hi&lt;/b&gt;</span>"

Do not use instance variables in helpers.
Open

    ' (has no geographic items)' if @asserted_distribution.geographic_area.geographic_items.empty?

Found in app/helpers/asserted_distributions_helper.rb by rubocop

Exclude checks
- Disable engine
- Disable check

Tagging a string as html safe may be a security risk.
Open

      geographic_area_tag(asserted_distribution.geographic_area).html_safe

Found in app/helpers/asserted_distributions_helper.rb by rubocop

Read up
Read up
Exclude checks
- Disable engine
- Disable check

This cop checks for the use of output safety calls like html_safe, raw, and safe_concat. These methods do not escape content. They simply return a SafeBuffer containing the content as is. Instead, use safe_join to join content and escape it and concat to concatenate content and escape it, ensuring its safety.

Example:

user_content = "hi"

# bad
"#{user_content}".html_safe
# => ActiveSupport::SafeBuffer "hi"

# good
content_tag(:p, user_content)
# => ActiveSupport::SafeBuffer "<b>hi</b>"

# bad
out = ""
out << "#{user_content}"
out << "#{user_content}"
out.html_safe
# => ActiveSupport::SafeBuffer "hi
hi"

# good
out = []
out << content_tag(:li, user_content)
out << content_tag(:li, user_content)
safe_join(out)
# => ActiveSupport::SafeBuffer
#    "<b>hi</b>
<b>hi</b>"

# bad
out = "trusted content".html_safe
out.safe_concat(user_content)
# => ActiveSupport::SafeBuffer "trusted_content
hi"

# good
out = "trusted content".html_safe
out.concat(user_content)
# => ActiveSupport::SafeBuffer
#    "trusted_content<b>hi</b>"

# safe, though maybe not good style
out = "trusted content"
result = out.concat(user_content)
# => String "trusted contenthi"
# because when rendered in ERB the String will be escaped:
# <%= result %>
# => trusted content<b>hi</b>

# bad
(user_content + " " + content_tag(:span, user_content)).html_safe
# => ActiveSupport::SafeBuffer "hi <span><b>hi</b></span>"

# good
safe_join([user_content, " ", content_tag(:span, user_content)])
# => ActiveSupport::SafeBuffer
#    "<b>hi</b> <span>&lt;b&gt;hi&lt;/b&gt;</span>"

Tagging a string as html safe may be a security risk.
Open

              asserted_distribution) ].join('&nbsp;').html_safe

Found in app/helpers/asserted_distributions_helper.rb by rubocop

Read up
Read up
Exclude checks
- Disable engine
- Disable check

This cop checks for the use of output safety calls like html_safe, raw, and safe_concat. These methods do not escape content. They simply return a SafeBuffer containing the content as is. Instead, use safe_join to join content and escape it and concat to concatenate content and escape it, ensuring its safety.

Example:

user_content = "hi"

# bad
"#{user_content}".html_safe
# => ActiveSupport::SafeBuffer "hi"

# good
content_tag(:p, user_content)
# => ActiveSupport::SafeBuffer "<b>hi</b>"

# bad
out = ""
out << "#{user_content}"
out << "#{user_content}"
out.html_safe
# => ActiveSupport::SafeBuffer "hi
hi"

# good
out = []
out << content_tag(:li, user_content)
out << content_tag(:li, user_content)
safe_join(out)
# => ActiveSupport::SafeBuffer
#    "<b>hi</b>
<b>hi</b>"

# bad
out = "trusted content".html_safe
out.safe_concat(user_content)
# => ActiveSupport::SafeBuffer "trusted_content
hi"

# good
out = "trusted content".html_safe
out.concat(user_content)
# => ActiveSupport::SafeBuffer
#    "trusted_content<b>hi</b>"

# safe, though maybe not good style
out = "trusted content"
result = out.concat(user_content)
# => String "trusted contenthi"
# because when rendered in ERB the String will be escaped:
# <%= result %>
# => trusted content<b>hi</b>

# bad
(user_content + " " + content_tag(:span, user_content)).html_safe
# => ActiveSupport::SafeBuffer "hi <span><b>hi</b></span>"

# good
safe_join([user_content, " ", content_tag(:span, user_content)])
# => ActiveSupport::SafeBuffer
#    "<b>hi</b> <span>&lt;b&gt;hi&lt;/b&gt;</span>"

Tagging a string as html safe may be a security risk.
Open

      otu_tag(asserted_distribution.otu).html_safe,

Found in app/helpers/asserted_distributions_helper.rb by rubocop

Read up
Read up
Exclude checks
- Disable engine
- Disable check

This cop checks for the use of output safety calls like html_safe, raw, and safe_concat. These methods do not escape content. They simply return a SafeBuffer containing the content as is. Instead, use safe_join to join content and escape it and concat to concatenate content and escape it, ensuring its safety.

Example:

user_content = "hi"

# bad
"#{user_content}".html_safe
# => ActiveSupport::SafeBuffer "hi"

# good
content_tag(:p, user_content)
# => ActiveSupport::SafeBuffer "<b>hi</b>"

# bad
out = ""
out << "#{user_content}"
out << "#{user_content}"
out.html_safe
# => ActiveSupport::SafeBuffer "hi
hi"

# good
out = []
out << content_tag(:li, user_content)
out << content_tag(:li, user_content)
safe_join(out)
# => ActiveSupport::SafeBuffer
#    "<b>hi</b>
<b>hi</b>"

# bad
out = "trusted content".html_safe
out.safe_concat(user_content)
# => ActiveSupport::SafeBuffer "trusted_content
hi"

# good
out = "trusted content".html_safe
out.concat(user_content)
# => ActiveSupport::SafeBuffer
#    "trusted_content<b>hi</b>"

# safe, though maybe not good style
out = "trusted content"
result = out.concat(user_content)
# => String "trusted contenthi"
# because when rendered in ERB the String will be escaped:
# <%= result %>
# => trusted content<b>hi</b>

# bad
(user_content + " " + content_tag(:span, user_content)).html_safe
# => ActiveSupport::SafeBuffer "hi <span><b>hi</b></span>"

# good
safe_join([user_content, " ", content_tag(:span, user_content)])
# => ActiveSupport::SafeBuffer
#    "<b>hi</b> <span>&lt;b&gt;hi&lt;/b&gt;</span>"

Tagging a string as html safe may be a security risk.
Open

      link_to(otu_tag(asserted_distribution.otu).html_safe, asserted_distribution.otu),

Found in app/helpers/asserted_distributions_helper.rb by rubocop

Read up
Read up
Exclude checks
- Disable engine
- Disable check

This cop checks for the use of output safety calls like html_safe, raw, and safe_concat. These methods do not escape content. They simply return a SafeBuffer containing the content as is. Instead, use safe_join to join content and escape it and concat to concatenate content and escape it, ensuring its safety.

Example:

user_content = "hi"

# bad
"#{user_content}".html_safe
# => ActiveSupport::SafeBuffer "hi"

# good
content_tag(:p, user_content)
# => ActiveSupport::SafeBuffer "<b>hi</b>"

# bad
out = ""
out << "#{user_content}"
out << "#{user_content}"
out.html_safe
# => ActiveSupport::SafeBuffer "hi
hi"

# good
out = []
out << content_tag(:li, user_content)
out << content_tag(:li, user_content)
safe_join(out)
# => ActiveSupport::SafeBuffer
#    "<b>hi</b>
<b>hi</b>"

# bad
out = "trusted content".html_safe
out.safe_concat(user_content)
# => ActiveSupport::SafeBuffer "trusted_content
hi"

# good
out = "trusted content".html_safe
out.concat(user_content)
# => ActiveSupport::SafeBuffer
#    "trusted_content<b>hi</b>"

# safe, though maybe not good style
out = "trusted content"
result = out.concat(user_content)
# => String "trusted contenthi"
# because when rendered in ERB the String will be escaped:
# <%= result %>
# => trusted content<b>hi</b>

# bad
(user_content + " " + content_tag(:span, user_content)).html_safe
# => ActiveSupport::SafeBuffer "hi <span><b>hi</b></span>"

# good
safe_join([user_content, " ", content_tag(:span, user_content)])
# => ActiveSupport::SafeBuffer
#    "<b>hi</b> <span>&lt;b&gt;hi&lt;/b&gt;</span>"

Tagging a string as html safe may be a security risk.
Open

      link_to(geographic_area_tag(asserted_distribution.geographic_area).html_safe,

Found in app/helpers/asserted_distributions_helper.rb by rubocop

Read up
Read up
Exclude checks
- Disable engine
- Disable check

This cop checks for the use of output safety calls like html_safe, raw, and safe_concat. These methods do not escape content. They simply return a SafeBuffer containing the content as is. Instead, use safe_join to join content and escape it and concat to concatenate content and escape it, ensuring its safety.

Example:

user_content = "hi"

# bad
"#{user_content}".html_safe
# => ActiveSupport::SafeBuffer "hi"

# good
content_tag(:p, user_content)
# => ActiveSupport::SafeBuffer "<b>hi</b>"

# bad
out = ""
out << "#{user_content}"
out << "#{user_content}"
out.html_safe
# => ActiveSupport::SafeBuffer "hi
hi"

# good
out = []
out << content_tag(:li, user_content)
out << content_tag(:li, user_content)
safe_join(out)
# => ActiveSupport::SafeBuffer
#    "<b>hi</b>
<b>hi</b>"

# bad
out = "trusted content".html_safe
out.safe_concat(user_content)
# => ActiveSupport::SafeBuffer "trusted_content
hi"

# good
out = "trusted content".html_safe
out.concat(user_content)
# => ActiveSupport::SafeBuffer
#    "trusted_content<b>hi</b>"

# safe, though maybe not good style
out = "trusted content"
result = out.concat(user_content)
# => String "trusted contenthi"
# because when rendered in ERB the String will be escaped:
# <%= result %>
# => trusted content<b>hi</b>

# bad
(user_content + " " + content_tag(:span, user_content)).html_safe
# => ActiveSupport::SafeBuffer "hi <span><b>hi</b></span>"

# good
safe_join([user_content, " ", content_tag(:span, user_content)])
# => ActiveSupport::SafeBuffer
#    "<b>hi</b> <span>&lt;b&gt;hi&lt;/b&gt;</span>"

TODO found
Open

      'geometry' => RGeo::GeoJSON.encode(asserted_distribution.geographic_area.geographic_items.first.geo_object), # TODO: optimize

Found in app/helpers/asserted_distributions_helper.rb by fixme

Exclude checks
- Disable engine
- Disable check

Prefer symbols instead of strings as hash keys.
Open

          'label' => label_for_asserted_distribution(asserted_distribution) },

Found in app/helpers/asserted_distributions_helper.rb by rubocop

Read up
Read up
Exclude checks
- Disable engine
- Disable check

This cop checks for the use of strings as keys in hashes. The use of symbols is preferred instead.

Example:

# bad
{ 'one' => 1, 'two' => 2, 'three' => 3 }

# good
{ one: 1, two: 2, three: 3 }

Prefer symbols instead of strings as hash keys.
Open

        'is_absent' => asserted_distribution.is_absent

Found in app/helpers/asserted_distributions_helper.rb by rubocop

Read up
Read up
Exclude checks
- Disable engine
- Disable check

This cop checks for the use of strings as keys in hashes. The use of symbols is preferred instead.

Example:

# bad
{ 'one' => 1, 'two' => 2, 'three' => 3 }

# good
{ one: 1, two: 2, three: 3 }

Prefer symbols instead of strings as hash keys.
Open

      'geometry' => RGeo::GeoJSON.encode(asserted_distribution.geographic_area.geographic_items.first.geo_object), # TODO: optimize

Found in app/helpers/asserted_distributions_helper.rb by rubocop

Read up
Read up
Exclude checks
- Disable engine
- Disable check

This cop checks for the use of strings as keys in hashes. The use of symbols is preferred instead.

Example:

# bad
{ 'one' => 1, 'two' => 2, 'three' => 3 }

# good
{ one: 1, two: 2, three: 3 }

Prefer symbols instead of strings as hash keys.
Open

        'base' => {

Found in app/helpers/asserted_distributions_helper.rb by rubocop

Read up
Read up
Exclude checks
- Disable engine
- Disable check

This cop checks for the use of strings as keys in hashes. The use of symbols is preferred instead.

Example:

# bad
{ 'one' => 1, 'two' => 2, 'three' => 3 }

# good
{ one: 1, two: 2, three: 3 }

Prefer symbols instead of strings as hash keys.
Open

      'type' => 'Feature',

Found in app/helpers/asserted_distributions_helper.rb by rubocop

Read up
Read up
Exclude checks
- Disable engine
- Disable check

This cop checks for the use of strings as keys in hashes. The use of symbols is preferred instead.

Example:

# bad
{ 'one' => 1, 'two' => 2, 'three' => 3 }

# good
{ one: 1, two: 2, three: 3 }

Prefer symbols instead of strings as hash keys.
Open

          'type' => 'AssertedDistribution',

Found in app/helpers/asserted_distributions_helper.rb by rubocop

Read up
Read up
Exclude checks
- Disable engine
- Disable check

This cop checks for the use of strings as keys in hashes. The use of symbols is preferred instead.

Example:

# bad
{ 'one' => 1, 'two' => 2, 'three' => 3 }

# good
{ one: 1, two: 2, three: 3 }

Prefer symbols instead of strings as hash keys.
Open

        'shape' => {

Found in app/helpers/asserted_distributions_helper.rb by rubocop

Read up
Read up
Exclude checks
- Disable engine
- Disable check

This cop checks for the use of strings as keys in hashes. The use of symbols is preferred instead.

Example:

# bad
{ 'one' => 1, 'two' => 2, 'three' => 3 }

# good
{ one: 1, two: 2, three: 3 }

Prefer symbols instead of strings as hash keys.
Open

          'type' => 'GeographicArea',

Found in app/helpers/asserted_distributions_helper.rb by rubocop

Read up
Read up
Exclude checks
- Disable engine
- Disable check

This cop checks for the use of strings as keys in hashes. The use of symbols is preferred instead.

Example:

# bad
{ 'one' => 1, 'two' => 2, 'three' => 3 }

# good
{ one: 1, two: 2, three: 3 }

Prefer symbols instead of strings as hash keys.
Open

          'id' => asserted_distribution.id,

Found in app/helpers/asserted_distributions_helper.rb by rubocop

Read up
Read up
Exclude checks
- Disable engine
- Disable check

This cop checks for the use of strings as keys in hashes. The use of symbols is preferred instead.

Example:

# bad
{ 'one' => 1, 'two' => 2, 'three' => 3 }

# good
{ one: 1, two: 2, three: 3 }

Prefer symbols instead of strings as hash keys.
Open

          'id' => asserted_distribution.geographic_area_id },

Found in app/helpers/asserted_distributions_helper.rb by rubocop

Read up
Read up
Exclude checks
- Disable engine
- Disable check

This cop checks for the use of strings as keys in hashes. The use of symbols is preferred instead.

Example:

# bad
{ 'one' => 1, 'two' => 2, 'three' => 3 }

# good
{ one: 1, two: 2, three: 3 }

Prefer symbols instead of strings as hash keys.
Open

      'properties' => {

Found in app/helpers/asserted_distributions_helper.rb by rubocop

Read up
Read up
Exclude checks
- Disable engine
- Disable check

This cop checks for the use of strings as keys in hashes. The use of symbols is preferred instead.

Example:

# bad
{ 'one' => 1, 'two' => 2, 'three' => 3 }

# good
{ one: 1, two: 2, three: 3 }

SpeciesFileGroup/taxonworks

Summary

Maintainability

Test Coverage

Tagging a string as html safe may be a security risk. Open

Example:

trusted content

trusted_content

trusted content

trusted_content

Tagging a string as html safe may be a security risk. Open

Example:

trusted content

trusted_content

trusted content

trusted_content

Tagging a string as html safe may be a security risk. Open

Example:

trusted content

trusted_content

trusted content

trusted_content

Do not use instance variables in helpers. Open

Tagging a string as html safe may be a security risk. Open

Example:

trusted content

trusted_content

trusted content

trusted_content

Tagging a string as html safe may be a security risk. Open

Example:

trusted content

trusted_content

trusted content

trusted_content

Tagging a string as html safe may be a security risk. Open

Example:

trusted content

trusted_content

trusted content

trusted_content

Tagging a string as html safe may be a security risk. Open

Example:

trusted content

trusted_content

trusted content

trusted_content

Tagging a string as html safe may be a security risk. Open

Example:

trusted content

trusted_content

trusted content

trusted_content

TODO found Open

Prefer symbols instead of strings as hash keys. Open

Example:

Prefer symbols instead of strings as hash keys. Open

Example:

Prefer symbols instead of strings as hash keys. Open

Example:

Prefer symbols instead of strings as hash keys. Open

Example:

Prefer symbols instead of strings as hash keys. Open

Example:

Prefer symbols instead of strings as hash keys. Open

Example:

Prefer symbols instead of strings as hash keys. Open

Example:

Prefer symbols instead of strings as hash keys. Open

Example:

Prefer symbols instead of strings as hash keys. Open

Example:

Prefer symbols instead of strings as hash keys. Open

Example:

Prefer symbols instead of strings as hash keys. Open

Example:

There are no issues that match your filters.

Category

Status

Tagging a string as html safe may be a security risk.
Open

Tagging a string as html safe may be a security risk.
Open

Tagging a string as html safe may be a security risk.
Open

Do not use instance variables in helpers.
Open

Tagging a string as html safe may be a security risk.
Open

Tagging a string as html safe may be a security risk.
Open

Tagging a string as html safe may be a security risk.
Open

Tagging a string as html safe may be a security risk.
Open

Tagging a string as html safe may be a security risk.
Open

TODO found
Open

Prefer symbols instead of strings as hash keys.
Open

Prefer symbols instead of strings as hash keys.
Open

Prefer symbols instead of strings as hash keys.
Open

Prefer symbols instead of strings as hash keys.
Open

Prefer symbols instead of strings as hash keys.
Open

Prefer symbols instead of strings as hash keys.
Open

Prefer symbols instead of strings as hash keys.
Open

Prefer symbols instead of strings as hash keys.
Open

Prefer symbols instead of strings as hash keys.
Open

Prefer symbols instead of strings as hash keys.
Open

Prefer symbols instead of strings as hash keys.
Open