publiclab / plots2

a collaborative knowledge-exchange platform in Rails; we welcome first-time contributors! :balloon:
https://publiclab.org
GNU General Public License v3.0

added sanitizers to contributors page #10346

Closed first-timers[bot] closed 3 years ago

first-timers[bot] commented 3 years ago

Hi, this is a first-timers-only issue. This means we've worked to make it more legible to folks who either haven't contributed to our codebase before, or even folks who haven't contributed to open source before.

If that's you, we're interested in helping you take the first step and can answer questions and help you out as you do. Note that we're especially interested in contributions from people from groups underrepresented in free and open source software!

We know that the process of creating a pull request is the biggest barrier for new contributors. This issue is for you 💝

If you have contributed before, consider leaving this one for someone new, and looking through our general help wanted issues. Thanks!

🤔 What you will need to know.

Nothing. This issue is meant to welcome you to Open Source :) We are happy to walk you through the process.

📋 Step by Step

See this page for some help in taking your first steps!

Below is a "diff" showing in red (and a -) which lines to remove, and in green (and a +) which lines to add:

@@ -15,11 +15,11 @@
   <% if current_user && params["action"] == "contributors" %>
     <!-- AJAXify -->
     <div class="btn-group">
-      <a class="btn btn-outline-secondary btn-sm" href="/feed/tag/<%= params[:id] %>.rss"><i class="fa fa-rss"></i> RSS</a>
+      <a class="btn btn-outline-secondary btn-sm" href="/feed/tag/<%=h params[:id] %>.rss"><i class="fa fa-rss"></i> RSS</a>
       <% if current_user.following(params[:id]) %>
-        <a rel="tooltip" title="<%= translation('tag.contributors.unfollow',{},false) %>" class="btn btn-outline-secondary btn-sm" href="/unsubscribe/tag/<%= params[:id] %>"><i class="fa fa-user-plus" aria-hidden="true"></i> <%= translation('tag.contributors.following') %> <b><%= params[:id] %></b></a>
+        <a rel="tooltip" title="<%= translation('tag.contributors.unfollow',{},false) %>" class="btn btn-outline-secondary btn-sm" href="/unsubscribe/tag/<%=h params[:id] %>"><i class="fa fa-user-plus" aria-hidden="true"></i> <%= translation('tag.contributors.following') %> <b><%=h params[:id] %></b></a>
       <% else %>
-        <a class="btn btn-outline-secondary btn-sm" href="/subscribe/tag/<%= params[:id] %>"><i class="fa fa-user-plus" aria-hidden="true"></i> <%= translation('tag.contributors.follow') %> <b><%= params[:id] %></b></a>
+        <a class="btn btn-outline-secondary btn-sm" href="/subscribe/tag/<%= params[:id] %>"><i class="fa fa-user-plus" aria-hidden="true"></i> <%= translation('tag.contributors.follow') %> <b><%=h params[:id] %></b></a>
       <% end %>
       <a class="btn btn-outline-secondary btn-sm" rel="popover" data-placement="bottom" data-html="true" data-title="<%= translation('tag.show.users_following_tag',{},false) %>" data-content="<% Tag.followers(params[:id]).each do |user| %><i class='fa fa-star-o'></i> <a href='/profile/<%= user.username %>'><%= user.username %></a><br /><% end %><% if Tag.follower_count(params[:id]) == 0 %><i><%= translation('tag.show.none') %></i><% end %>"><%= Tag.follower_count(params[:id]) %> <i class="fa fa-user"></i> <span class="caret"></span></a>
     </div>
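Review bot: the `+` line for the follow button still renders `href="/subscribe/tag/<%= params[:id] %>"` without `h`, while the unsubscribe `href` and both `<b>` labels were changed, so the treatment is inconsistent within this hunk; apply the same change there or say why that link is exempt. Also note that under Rails' default ERB auto-escaping `<%= %>` already HTML-escapes a plain params string, so the PR description should state whether `h` changes the rendered output here or is added for explicitness.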
@@ -30,9 +30,9 @@
 <% end %>
 <br />
 <% if @wildcard %>
-  <p><%= raw translation('tag.contributors.wild_card_search_detected', :tag => params[:id]) %></p>
+  <p><%= raw translation('tag.contributors.wild_card_search_detected', tag: strip_tags(params[:id])) %></p>
 <% elsif @contributor_count.nil? || @contributor_count == 0 %>
-  <p><%= raw translation('tag.contributors.no_contributors', :tag => params[:id]) %></p>
+  <p><%= raw translation('tag.contributors.no_contributors', tag: strip_tags(params[:id])) %></p>
 <% else %>
   <div class="row">
     <div class="col-md-6">
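Review bot: `strip_tags(params[:id])` is interpolated into a string that is then emitted with `raw`, so both messages rely on the sanitizer rather than on escaping, and the reader sees an altered tag name (markup-like input is dropped instead of displayed). Since the other hunks use `h`, consider `tag: h(params[:id])` here so the value is shown literally and handled the same way across the template; if `strip_tags` is intentional, a short comment saying why would help the next reader.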
@@ -45,7 +45,7 @@
           <% @users.each do |user| %>
             <tr class="users-row">
               <td><a href='/profile/<%= user.name %>'><i class="fa fa-user"></i> <%= user.name %></a></td>
-              <td><a href='/tag/<%= params[:id] %>/author/<%= user.name %>'><%= translation('tag.contributors.notes') %> &raquo;</a></td>
+              <td><a href='/tag/<%=h params[:id] %>/author/<%= user.name %>'><%= translation('tag.contributors.notes') %> &raquo;</a></td>
             </tr>
           <% end %>
         <% end %>
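Review bot: in `href='/tag/<%=h params[:id] %>/author/<%= user.name %>'` the value is used as a URL path segment, where HTML escaping does not percent-encode reserved characters such as `/`, `?` or `#`, and `user.name` in the same attribute (and in the `/profile/` link on the context line above) is left as it was. Consider `url_encode` for both segments, or a route helper that builds the path. The patch also carries no test; a view or functional test that requests the contributors page with a tag id containing `<`, `"` and `'` and asserts on the escaped output would pin this behaviour down.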
  1. You can also edit files directly in your browser and open a pull request from there.

Please keep us updated

💬⏰ - We encourage contributors to be respectful to the community and provide an update within a week of claiming a first-timers-only issue. We're happy to keep it assigned to you as long as you need if you update us with a request for more time or help, but if we don't see any activity a week after you claim it we may reassign it to give someone else a chance. Thank you in advance!

If this happens to you, don't sweat it! Grab another open issue.

Is someone else already working on this?

🔗 - We encourage contributors to link to the original issue in their pull request so all users can easily see if someone's already started on it.

👥 - If someone seems stuck, offer them some help! Otherwise, take a look at some other issues you can help with. Thanks!

🤔❓ Questions?

Leave a comment below!

jywarren commented 3 years ago

This is reserved for @mateuseap! thank you!

frankiefab100 commented 3 years ago

Please assign issues for me to resolve.

mateuseap commented 3 years ago

I'm gonna work on this, please assign it to me!

abhij1607 commented 3 years ago

@jywarren Hey, I would like to contribute to this issue. I am a first-timer and already raised a pull request in case it is fine. Thanks

Rahuls-17 commented 3 years ago

Hey!! I'm new to open source; this is my first time. Can I do this project?

mateuseap commented 3 years ago

I already made my PR, hope you can review it @TildaDares!

jywarren commented 3 years ago

Thanks all for your interest!! you can sign up for a first-timers-only issue at https://github.com/publiclab/plots2/issues/10153 -- thanks to @mateuseap for solving this one!