search

AlchemyCMS / alchemy_cms

Alchemy is the Open Source Rails CMS framework for the component based web that can be used as classic server side rendered or headless CMS.
https://www.alchemy-cms.com
BSD 3-Clause "New" or "Revised" License
842 stars 315 forks source link

ViewComponent HTML safety warnings #2737

Closed oneiros closed 7 months ago

oneiros commented 8 months ago

I am currently migrating an app to Alchemy 7 and since the update, I get a lot of these warnings:

WARNING: The Alchemy::Ingredients::TextView component rendered HTML-unsafe output. The output will be automatically escaped, but you may want to investigate.

Turns out, since version 3.9.0, view_component will issue this warning specifically for components that implement #call. See https://github.com/ViewComponent/view_component/pull/1950 for all the details.

This affects alchemy's ingredient view components, at least TextView.

This is no big deal, after all the string gets escaped and everything is fine. It is just that the warning (and its frequency) is a bit annoying.

I would have gladly provided a PR, but there is more than one way to fix it, and I am not sure if and how to add tests for this.

Steps to reproduce

Use a Text-Ingredient. Watch your test and/or server logs.

Expected behavior

No warning should be issued.

Actual behavior

Depending on the usage of Text ingredients, a lot of warnings are issued.

System configuration