Merge branch 'jh-remove_html_group_translations' into 'master'

Remove HTML from remaining backend strings on the todolist

See merge request gitlab-org/gitlab!37712

app/helpers/mirror_helper.rb

@@ -9,7 +9,7 @@ module MirrorHelper
   end
 
   def mirror_lfs_sync_message
-    _('The Git LFS objects will <strong>not</strong> be synced.').html_safe
+    html_escape(_('The Git LFS objects will %{strong_open}not%{strong_close} be synced.')) % { strong_open: '<strong>'.html_safe, strong_close: '</strong>'.html_safe }
   end
 end
 

app/serializers/build_details_entity.rb

@@ -147,7 +147,7 @@ class BuildDetailsEntity < JobEntity
   end
 
   def help_message(docs_url)
-    _("Please refer to <a href=\"%{docs_url}\">%{docs_url}</a>") % { docs_url: docs_url }
+    html_escape(_("Please refer to %{docs_url}")) % { docs_url: "<a href=\"#{docs_url}\">#{html_escape(docs_url)}</a>".html_safe }
   end
 end
 

app/views/ci/variables/_content.html.haml

 = _('Environment variables are applied to environments via the runner. They can be protected by only exposing them to protected branches or tags. Additionally, they can be masked so they are hidden in job logs, though they must match certain regexp requirements to do so. You can use environment variables for passwords, secret keys, or whatever you want.')
-= _('You may also add variables that are made available to the running application by prepending the variable key with <code>K8S_SECRET_</code>.').html_safe
+= html_escape(_('You may also add variables that are made available to the running application by prepending the variable key with %{k8s_secret}.')) % { k8s_secret: tag.code('K8S_SECRET_') }
 = link_to _('More information'), help_page_path('ci/variables/README', anchor: 'custom-environment-variables')

app/views/clusters/clusters/_advanced_settings.html.haml

@@ -11,7 +11,7 @@
         = @cluster.provider_label
       %p
         - provider_link = link_to(@cluster.provider_label, @cluster.provider_management_url, target: '_blank', rel: 'noopener noreferrer')
-        = s_('ClusterIntegration|Manage your Kubernetes cluster by visiting %{provider_link}').html_safe % { provider_link: provider_link }
+        = html_escape(s_('ClusterIntegration|Manage your Kubernetes cluster by visiting %{provider_link}')) % { provider_link: provider_link }
 
   .sub-section.form-group
     = form_for @cluster, url: clusterable.cluster_path(@cluster), as: :cluster, html: { class: 'cluster_management_form' } do |field|
@@ -22,7 +22,7 @@
         = project_select_tag('cluster[management_project_id]', class: 'hidden-filter-value', toggle_class: 'js-project-search js-project-filter js-filter-submit', dropdown_class: 'dropdown-menu-selectable dropdown-menu-project js-filter-submit',
             placeholder: _('Select project'), idAttribute: 'id', data: { order_by: 'last_activity_at', idattribute: 'id', simple_filter: true, allow_clear: true, include_groups: false, include_projects_in_subgroups: true, group_id: group_id, user_id: user_id }, value: @cluster.management_project_id)
         .text-muted
-          = s_('ClusterIntegration|A cluster management project can be used to run deployment jobs with Kubernetes <code>cluster-admin</code> privileges.').html_safe
+          = html_escape(s_('ClusterIntegration|A cluster management project can be used to run deployment jobs with Kubernetes %{code_open}cluster-admin%{code_close} privileges.')) % { code_open: '<code>'.html_safe, code_close: '</code>'.html_safe }
           = link_to _('More information'), help_page_path('user/clusters/management_project.md'), target: '_blank'
       .gl-display-flex.gl-justify-content-end
         = field.submit _('Save changes'), class: 'btn btn-success'

app/views/devise/registrations/new.html.haml

@@ -3,7 +3,7 @@
   .row
     .col-lg-7
       %h1.mb-3.font-weight-bold.text-6.mt-0
-        = _("Speed up your DevOps<br>with GitLab").html_safe
+        = html_escape(_("Speed up your DevOps%{br_tag}with GitLab")) % { br_tag: '<br/>'.html_safe }
       %p.text-3
         = _("GitLab is a single application for the entire software development lifecycle. From project planning and source code management to CI/CD, monitoring, and security.")
     .col-lg-5.order-12

app/views/doorkeeper/applications/_form.html.haml

@@ -13,7 +13,7 @@
       = _('Use one line per URI')
     - if Doorkeeper.configuration.native_redirect_uri
       %span.form-text.text-muted
-        = _('Use <code>%{native_redirect_uri}</code> for local tests').html_safe % { native_redirect_uri: Doorkeeper.configuration.native_redirect_uri }
+        = html_escape(_('Use %{native_redirect_uri} for local tests')) % { native_redirect_uri: tag.code(Doorkeeper.configuration.native_redirect_uri) }
 
   .form-group.form-check
     = f.check_box :confidential, class: 'form-check-input'

app/views/doorkeeper/authorizations/new.html.haml

@@ -11,7 +11,7 @@
           .text-warning
             %p
               = icon("exclamation-triangle fw")
-              = _('You are an admin, which means granting access to <strong>%{client_name}</strong> will allow them to interact with GitLab as an admin as well. Proceed with caution.').html_safe % { client_name: @pre_auth.client.name }
+              = html_escape(_('You are an admin, which means granting access to %{client_name} will allow them to interact with GitLab as an admin as well. Proceed with caution.')) % { client_name: tag.strong(@pre_auth.client.name) }
         %p
           - link_to_client = link_to(@pre_auth.client.name, @pre_auth.redirect_uri, target: '_blank', rel: 'noopener noreferrer')
           = _("An application called %{link_to_client} is requesting access to your GitLab account.").html_safe % { link_to_client: link_to_client }

app/views/help/instance_configuration/_ssh_info.html.haml

@@ -9,7 +9,7 @@
 
   - if ssh_info.blank?
     %p
-      = _('SSH host keys are not available on this system. Please use <code>ssh-keyscan</code> command or contact your GitLab administrator for more information.').html_safe
+      = html_escape(_('SSH host keys are not available on this system. Please use %{ssh_keyscan} command or contact your GitLab administrator for more information.')) % { ssh_keyscan: tag.code('ssh-keyscan') }
   - else
     %p
       = _('Below are the fingerprints for the current instance SSH host keys.')

app/views/registrations/welcome.html.haml

 - content_for(:page_title, _('Welcome to GitLab %{name}!') % { name: current_user.name })
 .text-center.mb-3
-  = _('In order to tailor your experience with GitLab we<br>would like to know a bit more about you.').html_safe
+  = html_escape(_('In order to tailor your experience with GitLab we%{br_tag}would like to know a bit more about you.')) % { br_tag: '<br/>'.html_safe }
 .signup-box.p-3.mb-2
   .signup-body
     = form_for(current_user, url: users_sign_up_update_registration_path, html: { class: 'new_new_user gl-show-field-errors', 'aria-live' => 'assertive' }) do |f|

app/views/shared/_delete_label_modal.html.haml

@@ -8,7 +8,7 @@
 
       .modal-body
         %p
-          = _('<strong>%{label_name}</strong> <span>will be permanently deleted from %{subject_name}. This cannot be undone.</span>').html_safe % { label_name: label.name, subject_name: label.subject_name }
+          = html_escape(_('%{label_name} %{span_open}will be permanently deleted from %{subject_name}. This cannot be undone.%{span_close}')) % { label_name: tag.strong(label.name), subject_name: label.subject_name, span_open: '<span>'.html_safe, span_close: '</span>'.html_safe }
 
       .modal-footer
         %a{ href: '#', data: { dismiss: 'modal' }, class: 'btn btn-default' }= _('Cancel')

app/views/shared/notes/_notes_with_form.html.haml

@@ -27,6 +27,6 @@
     %span.issuable-note-warning
       = sprite_icon('lock', size: 16, css_class: 'icon')
       %span
-        = _("This %{issuable} is locked. Only <strong>project members</strong> can comment.").html_safe % { issuable: issuable.class.to_s.titleize.downcase }
+        = html_escape(_("This %{issuable} is locked. Only %{strong_open}project members%{strong_close} can comment.")) % { issuable: issuable.class.to_s.titleize.downcase, strong_open: '<strong>'.html_safe, strong_close: '</strong>'.html_safe }
 -# haml-lint:disable InlineJavaScript
 %script.js-notes-data{ type: "application/json" }= initial_notes_data(autocomplete).to_json.html_safe

app/views/shared/wikis/_form.html.haml

@@ -59,7 +59,7 @@
               - link_example = '[[page-slug]]'
             - else
               - link_example = '[Link Title](page-slug)'
-          = (s_('WikiMarkdownTip|To link to a (new) page, simply type <code class="js-markup-link-example">%{link_example}</code>') % { link_example: link_example }).html_safe
+          = html_escape(s_('WikiMarkdownTip|To link to a (new) page, simply type %{link_example}')) % { link_example: tag.code(link_example, class: 'js-markup-link-example') }
         = succeed '.' do
           - markdown_link = link_to s_("WikiMarkdownDocs|documentation"), help_page_path('user/markdown', anchor: 'wiki-specific-markdown')
           = (s_("WikiMarkdownDocs|More examples are in the %{docs_link}") % { docs_link: markdown_link }).html_safe

app/views/users/calendar_activities.html.haml

 %h4.prepend-top-20
-  = _("Contributions for <strong>%{calendar_date}</strong>").html_safe % { calendar_date: @calendar_date.to_s(:medium) }
+  = html_escape(_("Contributions for %{calendar_date}")) % { calendar_date: tag.strong(@calendar_date.to_s(:medium)) }
 
 - if @events.any?
   %ul.bordered-list

ee/app/helpers/ee/application_helper.rb

@@ -14,10 +14,11 @@ module EE
       return super unless ::Gitlab::Geo.secondary?
 
       if @limited_actions_message
-        s_('Geo|You are on a secondary, <b>read-only</b> Geo node. You may be able to make a limited amount of changes or perform a limited amount of actions on this page.').html_safe
+        html_escape(s_('Geo|You are on a secondary, %{b_open}read-only%{b_close} Geo node. You may be able to make a limited amount of changes or perform a limited amount of actions on this page.')) %
+          { b_open: '<b>'.html_safe, b_close: '</b>'.html_safe }
       else
-        message = (s_('Geo|You are on a secondary, <b>read-only</b> Geo node. If you want to make changes, you must visit this page on the %{primary_node}.') %
-          { primary_node: link_to('primary node', ::Gitlab::Geo.primary_node&.url || '#') }).html_safe
+        message = html_escape(s_('Geo|You are on a secondary, %{b_open}read-only%{b_close} Geo node. If you want to make changes, you must visit this page on the %{node_link_open}primary node%{node_link_close}.')) %
+          { node_link_open: "<a href=\"#{::Gitlab::Geo.primary_node&.url || '#'}\">".html_safe, node_link_close: "</a>".html_safe, b_open: '<b>'.html_safe, b_close: '</b>'.html_safe }
 
         return "#{message} #{lag_message}".html_safe if lag_message
 

ee/app/views/groups/contribution_analytics/show.html.haml

@@ -30,7 +30,7 @@
     - commits_count = @data_collector.total_commit_count
     - person_count = @data_collector.total_push_author_count
     - person_count_string = pluralize person_count, 'person'
-    - pushes_string = s_('ContributionAnalytics|<strong>%{pushes}</strong> pushes, more than <strong>%{commits}</strong> commits by <strong>%{people}</strong> contributors.').html_safe % { pushes: code_push_count, commits: commits_count , people: person_count_string }
+    - pushes_string = html_escape(s_('ContributionAnalytics|%{pushes} pushes, more than %{commits} commits by %{people} contributors.')) % { pushes: tag.strong(code_push_count), commits: tag.strong(commits_count), people: tag.strong(person_count_string) }
     - if code_push_count > 0 || commits_count > 0 || person_count > 0
       = pushes_string
     - else
@@ -45,7 +45,7 @@
     - mr_created_count = @data_collector.total_merge_requests_created_count
     - mr_merged_count = @data_collector.total_merge_requests_merged_count
     - if mr_created_count > 0 || mr_merged_count > 0
-      = s_('ContributionAnalytics|<strong>%{created_count}</strong> created, <strong>%{merged_count}</strong> merged.').html_safe % { created_count: mr_created_count, merged_count: mr_merged_count }
+      = html_escape(s_('ContributionAnalytics|%{created_count} created, %{merged_count} merged.')) % { created_count: tag.strong(mr_created_count), merged_count: tag.strong(mr_merged_count) }
     - else
       = s_('ContributionAnalytics|No merge requests for the selected time period.')
 
@@ -58,7 +58,7 @@
     - issues_created_count = @data_collector.total_issues_created_count
     - issues_closed_count = @data_collector.total_issues_closed_count
     - if issues_created_count > 0 && issues_closed_count > 0
-      = s_('ContributionAnalytics|<strong>%{created_count}</strong> created, <strong>%{closed_count}</strong> closed.').html_safe % { created_count: issues_created_count, closed_count: issues_closed_count }
+      = html_escape(s_('ContributionAnalytics|%{created_count} created, %{closed_count} closed.')) % { created_count: tag.strong(issues_created_count), closed_count: tag.strong(issues_closed_count) }
     - else
       = s_('ContributionAnalytics|No issues for the selected time period.')
 

ee/app/views/groups/saml_providers/_info.html.haml

@@ -12,9 +12,9 @@
       %li
         = (_("Set up assertions/attributes/claims (email, first_name, last_name) and NameID according to %{docsLinkStart}the documentation %{icon}%{docsLinkEnd}") % { icon: icon('external-link'), docsLinkStart: "<a href='#{help_page_path('user/group/saml_sso/group_managed_accounts', anchor: 'assertions')}' target='_blank'>", docsLinkEnd: '</a>' }).html_safe
       %li
-        = (_("Fill in the fields below, turn on <strong>%{enable_label}</strong>, and press <strong>%{save_changes}</strong>") % { enable_label: _('Enable SAML authentication for this group'), save_changes: _('Save changes') }).html_safe
+        = html_escape(_("Fill in the fields below, turn on %{strong_open}Enable SAML authentication for this group%{strong_close}, and press %{strong_open}Save changes%{strong_close}")) % { strong_open: '<strong>'.html_safe, strong_close: '</strong>'.html_safe }
       %li
-        = (_("Share the <strong>%{sso_label}</strong> with members so they can sign in to your group through your identity provider") % { sso_label: _('GitLab single sign-on URL') }).html_safe
+        = html_escape(_("Share the %{strong_open}GitLab single sign-on URL%{strong_close} with members so they can sign in to your group through your identity provider")) % { strong_open: '<strong>'.html_safe, strong_close: '</strong>'.html_safe }
   .well-segment.borderless.mb-3
     = render 'info_row', field: :assertion_consumer_service_url, label_text: _('Assertion consumer service URL')
     .form-text.text-muted= _('Also called "Relying party service URL" or "Reply URL"')

ee/app/views/groups/settings/_adjourned_deletion.html.haml

@@ -5,7 +5,7 @@
   %h4.danger-title= _('Remove group')
   = form_tag(group, method: :delete) do
     %p
-      = _("Upon performing this action, the contents of this group, its subgroup and projects will be permanently removed after %{deletion_adjourned_period} days on <strong>%{date}</strong>. Until that time:").html_safe % { date: date, deletion_adjourned_period: deletion_adjourned_period }
+      = html_escape(_("Upon performing this action, the contents of this group, its subgroup and projects will be permanently removed after %{deletion_adjourned_period} days on %{date}. Until that time:")) % { date: tag.strong(date), deletion_adjourned_period: deletion_adjourned_period }
     %ul
       %li= _("The group will be placed in 'pending removal' state")
       %li= _("The group can be fully restored")

ee/app/views/groups/sso/_register_pane.html.haml

@@ -8,7 +8,7 @@
         .avatar-container.rect-avatar.s64.home-panel-avatar.mb-3
           = group_icon(@unauthenticated_group, class: 'avatar avatar-tile s64', width: 64, height: 64)
         %p.text-center
-          = (_("Finish setting up your dedicated account for <strong>%{group_name}</strong>.") % { group_name: sanitize(@group_name) }).html_safe
+          = html_escape(_("Finish setting up your dedicated account for %{group_name}.")) % { group_name: tag.strong(@group_name) }
 
       .form-group
         = f.label :email, class: 'label-bold'

ee/app/views/registrations/welcome.html.haml

@@ -6,9 +6,9 @@
     .edit-profile.login-page.d-flex.flex-column.align-items-center.pt-lg-3
       - if in_subscription_flow? || (onboarding_issues_experiment_enabled && !in_invitation_flow? && !in_oauth_flow?)
         #progress-bar{ data: { is_in_subscription_flow: in_subscription_flow?.to_s, is_onboarding_issues_experiment_enabled: onboarding_issues_experiment_enabled.to_s } }
-      %h2.center= _('Welcome to GitLab.com<br>@%{name}!').html_safe % { name: html_escape(current_user.first_name) }
+      %h2.center= html_escape(_('Welcome to GitLab.com%{br_tag}@%{name}!')) % { name: html_escape(current_user.first_name), br_tag: '<br/>'.html_safe }
       %p
-        .center= _('In order to personalize your experience with GitLab<br>we would like to know a bit more about you.').html_safe
+        .center= html_escape(_('In order to personalize your experience with GitLab%{br_tag}we would like to know a bit more about you.')) % { br_tag: '<br/>'.html_safe }
 
       = form_for(current_user, url: users_sign_up_update_registration_path, html: { class: 'card w-100 gl-p-3-deprecated-no-really-do-not-use-me', 'aria-live' => 'assertive' }) do |f|
         .devise-errors

ee/app/views/shared/billings/_trial_status.html.haml

@@ -3,10 +3,10 @@
 
 
 - if namespace.eligible_for_trial?
-  = s_("BillingPlans|Learn more about each plan by reading our %{faq_link}, or start a free 30-day trial of GitLab.com Gold.").html_safe % { faq_link: faq_link }
+  = html_escape(s_("BillingPlans|Learn more about each plan by reading our %{faq_link}, or start a free 30-day trial of GitLab.com Gold.")) % { faq_link: faq_link.html_safe }
 - elsif namespace.trial_active?
-  = s_("BillingPlans|Your GitLab.com %{plan} trial will <strong>expire after %{expiration_date}</strong>. You can retain access to the %{plan} features by upgrading below.").html_safe % { plan: namespace.gitlab_subscription&.plan_title, expiration_date: namespace.trial_ends_on }
+  = html_escape(s_("BillingPlans|Your GitLab.com %{plan} trial will %{strong_open}expire after %{expiration_date}%{strong_close}. You can retain access to the %{plan} features by upgrading below.")) % { plan: namespace.gitlab_subscription&.plan_title, expiration_date: namespace.trial_ends_on, strong_open: '<strong>'.html_safe, strong_close: '</strong>'.html_safe }
 - elsif namespace.trial_expired?
-  = s_("BillingPlans|Your GitLab.com trial expired on %{expiration_date}. You can restore access to the features at any time by upgrading below.").html_safe % { expiration_date: namespace.trial_ends_on }
+  = s_("BillingPlans|Your GitLab.com trial expired on %{expiration_date}. You can restore access to the features at any time by upgrading below.") % { expiration_date: namespace.trial_ends_on }
 - else
-  = s_("BillingPlans|Learn more about each plan by visiting our %{pricing_page_link}.").html_safe % { pricing_page_link: pricing_page_link }
+  = html_escape(s_("BillingPlans|Learn more about each plan by visiting our %{pricing_page_link}.")) % { pricing_page_link: pricing_page_link.html_safe }

qa/qa/ee/page/main/banner.rb

@@ -6,7 +6,7 @@ module QA
       module Main
         class Banner < QA::Page::Base
           view 'ee/app/helpers/ee/application_helper.rb' do
-            element :read_only_message, 'You are on a secondary, <b>read-only</b> Geo node.' # rubocop:disable QA/ElementWithPattern
+            element :read_only_message, 'You are on a secondary, %{b_open}read-only%{b_close} Geo node.' # rubocop:disable QA/ElementWithPattern
           end
 
           def has_secondary_read_only_banner?