Fix HTML validator errors for main page

MrSerth · MrSerth · commit b515e89cb530 · 2025-02-17T17:53:53.000+01:00
In Slim any attribute with a `nil` value is omitted (completely). An empty string is also treated specifically, since the attribute name is still included but without any assignment. The first handling (omitting the attribute at all) is not HTML compliant.
diff --git a/app/views/layouts/application.html.slim b/app/views/layouts/application.html.slim
@@ -1,7 +1,7 @@
 doctype html
 html lang=I18n.locale data-default-locale=I18n.default_locale
   head
-    meta charset='utf8'
+    meta charset='utf-8'
     meta name='viewport' content='width=device-width, initial-scale=1'
     meta name='mobile-web-app-capable' content='yes'
     = render('breadcrumbs_and_title')
@@ -18,13 +18,13 @@ html lang=I18n.locale data-default-locale=I18n.default_locale
     = javascript_include_tag('application', 'data-turbolinks-track': 'reload', integrity: true, crossorigin: 'anonymous')
     = yield(:head)
     = csrf_meta_tags
-    = csp_meta_tag
-    meta name='sentry' data-enabled=SentryJavascript.active?.to_s data-release=SentryJavascript.release data-dsn=SentryJavascript.dsn data-environment=SentryJavascript.environment
-    meta name='current-user' content=current_user&.to_page_context&.to_json
-    meta name='current-contributor' content=current_contributor&.to_page_context&.to_json
+    /= csp_meta_tag
+    meta name='sentry' data-enabled=SentryJavascript.active?.to_s data-release=SentryJavascript.release data-dsn=SentryJavascript.dsn data-environment=SentryJavascript.environment content=''
+    meta name='current-user' content=current_user&.to_page_context&.to_json.to_s
+    meta name='current-contributor' content=current_contributor&.to_page_context&.to_json.to_s
   body
     - unless @embed_options[:hide_navbar]
-      nav.navbar.bg-dark.navbar-expand-md.mb-4.py-1 role='navigation' data-bs-theme="dark"
+      nav.navbar.bg-dark.navbar-expand-md.mb-4.py-1 data-bs-theme="dark"
         .container
           .navbar-brand
             i.fa-solid.fa-code
diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb
@@ -105,6 +105,7 @@ def self.get_host_source(url)
   # Generate session nonces for permitted importmap, inline scripts, and inline styles.
   # config.content_security_policy_nonce_generator = ->(request) { request.session.id.to_s }
   # config.content_security_policy_nonce_directives = %w(script-src style-src)
+  # Once configured, keep in mind to uncomment `csp_meta_tag` in `views/layouts/application.html.slim`.
 
   # Report violations without enforcing the policy.
   # config.content_security_policy_report_only = true
