From 57b8959ba578c5641cd6e589422d7ace6e404112 Mon Sep 17 00:00:00 2001 From: Jakob Skjerning Date: Sun, 22 Feb 2026 12:23:56 +0100 Subject: [PATCH 1/2] Lint ERB files with herb analyze This seems to catch more/different issues than the linter, so it's worth running both? --- .github/workflows/erb.yml | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/.github/workflows/erb.yml b/.github/workflows/erb.yml index a084e68..133d2a2 100644 --- a/.github/workflows/erb.yml +++ b/.github/workflows/erb.yml @@ -17,5 +17,15 @@ jobs: ruby-version: ['3.4'] steps: - uses: actions/checkout@v4 - - name: herb + + - name: Set up Ruby + uses: ruby/setup-ruby@v1 + with: + ruby-version: ${{ matrix.ruby-version }} + bundler-cache: true # runs 'bundle install' and caches installed gems automatically + + - name: herb linter run: npx @herb-tools/linter app/components --no-color + + - name: herb analyzer + run: bundle exec herb analyze app/components From cdeb96ecc63b6ea23b27df00b62b391c8552a0d8 Mon Sep 17 00:00:00 2001 From: Jakob Skjerning Date: Sun, 22 Feb 2026 12:35:47 +0100 Subject: [PATCH 2/2] Work around Herb > Unexpected error: Herb::Engine::SecurityError: > app/components/flowbite/toast/toast.html.erb:4:36 - ERB output in > attribute names is not allowed for security reasons. - Suggestion: Use > static attribute names with dynamic values instead. --- app/components/flowbite/toast/toast.html.erb | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/app/components/flowbite/toast/toast.html.erb b/app/components/flowbite/toast/toast.html.erb index 39225ae..0460ab6 100644 --- a/app/components/flowbite/toast/toast.html.erb +++ b/app/components/flowbite/toast/toast.html.erb @@ -1,8 +1,8 @@ -
" - role="alert" - <%= options.map { |k, v| "#{k}=\"#{v}\"" }.join(" ").html_safe %> -> +<%= tag.div( + class: container_classes.join(" "), + role: "alert", + **options, +) do %> <%= render Flowbite::Toast::Icon.new(style: style) %>
<%= message %>
@@ -37,4 +37,4 @@ <% end %> -
+<% end %>