Merge branch 'add-js-prevent-default-on-click-ee' into 'master'

[EE] Replace inline scripts in links to prevent default

See merge request gitlab-org/gitlab-ee!15211

app/assets/javascripts/members.js

@@ -17,6 +17,8 @@ export default class Members {
   }
 
   dropdownClicked(options) {
+    options.e.preventDefault();
+
     this.formSubmit(null, options.$el);
   }
 

app/views/projects/commit/_ajax_signature.html.haml

 - if commit.has_signature?
-  %a{ href: 'javascript:void(0)', tabindex: 0, class: commit_signature_badge_classes('js-loading-gpg-badge'), data: { toggle: 'tooltip', placement: 'top', title: _('GPG signature (loading...)'), 'commit-sha' => commit.sha } }
+  %button{ tabindex: 0, class: commit_signature_badge_classes('js-loading-gpg-badge'), data: { toggle: 'tooltip', placement: 'top', title: _('GPG signature (loading...)'), 'commit-sha' => commit.sha } }

app/views/projects/commit/_signature_badge.html.haml

@@ -24,5 +24,5 @@
 
   = link_to(_('Learn more about signing commits'), help_page_path('user/project/repository/gpg_signed_commits/index.md'), class: 'gpg-popover-help-link')
 
-%a{ href: 'javascript:void(0)', tabindex: 0, class: css_classes, data: { toggle: 'popover', html: 'true', placement: 'top', title: title, content: content } }
+%button{ tabindex: 0, class: css_classes, data: { toggle: 'popover', html: 'true', placement: 'top', title: title, content: content } }
   = label

app/views/shared/members/_group.html.haml

@@ -32,7 +32,7 @@
             %ul
               - Gitlab::Access.options.each do |role, role_id|
                 %li
-                  = link_to role, "javascript:void(0)",
+                  = link_to role, '#',
                     class: ("is-active" if group_link.group_access == role_id),
                     data: { id: role_id, el_id: dom_id }
       .clearable-input.member-form-control.d-sm-inline-block

app/views/shared/members/_member.html.haml

@@ -82,7 +82,7 @@
                   %ul
                     - member.valid_level_roles.each do |role, role_id|
                       %li
-                        = link_to role, "javascript:void(0)",
+                        = link_to role, '#',
                           class: ("is-active" if member.access_level == role_id),
                           data: { id: role_id, el_id: dom_id(member) }
                     = render_if_exists 'shared/members/ee/revert_ldap_group_sync_option',

ee/app/assets/javascripts/members.js

@@ -17,6 +17,8 @@ export default class MembersEE extends Members {
   }
 
   dropdownClicked(options) {
+    options.e.preventDefault();
+
     const $link = options.$el;
 
     if (!$link.data('revert')) {

ee/app/views/shared/members/ee/_revert_ldap_group_sync_option.html.haml

@@ -5,5 +5,5 @@
 - if can_override
   %li.divider
   %li
-    = link_to 'Revert to LDAP group sync settings', 'javascript:void(0)',
+    = link_to 'Revert to LDAP group sync settings', '#',
       data: { revert: 'true', endpoint: override_group_group_member_path(group, member), el_id: dom_id(member) }

ee/app/views/shared/promotions/_promote_issue_templates.html.haml

 .form-text.text-muted
   = _('Add')
-  = link_to 'description templates', 'javascript:void(0);', id: 'promotion-issue-template-link', data: {toggle: 'dropdown'}, tabindex: -1
+  = link_to 'description templates', '#', id: 'promotion-issue-template-link', data: { toggle: 'dropdown' }, tabindex: -1
   = _('to help your contributors communicate effectively!')
   .dropdown.promotion-issue-template
     .dropdown-menu.promotion-issue-template-message

spec/features/signed_commits_spec.rb

@@ -15,8 +15,8 @@ describe 'GPG signed commits' do
 
     visit project_commit_path(project, ref)
 
-    expect(page).to have_link 'Unverified'
-    expect(page).not_to have_link 'Verified'
+    expect(page).to have_button 'Unverified'
+    expect(page).not_to have_button 'Verified'
 
     # user changes his email which makes the gpg key verified
     perform_enqueued_jobs do
@@ -26,8 +26,8 @@ describe 'GPG signed commits' do
 
     visit project_commit_path(project, ref)
 
-    expect(page).not_to have_link 'Unverified'
-    expect(page).to have_link 'Verified'
+    expect(page).not_to have_button 'Unverified'
+    expect(page).to have_button 'Verified'
   end
 
   it 'changes from unverified to verified when the user adds the missing gpg key' do
@@ -36,8 +36,8 @@ describe 'GPG signed commits' do
 
     visit project_commit_path(project, ref)
 
-    expect(page).to have_link 'Unverified'
-    expect(page).not_to have_link 'Verified'
+    expect(page).to have_button 'Unverified'
+    expect(page).not_to have_button 'Verified'
 
     # user adds the gpg key which makes the signature valid
     perform_enqueued_jobs do
@@ -46,8 +46,8 @@ describe 'GPG signed commits' do
 
     visit project_commit_path(project, ref)
 
-    expect(page).not_to have_link 'Unverified'
-    expect(page).to have_link 'Verified'
+    expect(page).not_to have_button 'Unverified'
+    expect(page).to have_button 'Verified'
   end
 
   context 'shows popover badges', :js do
@@ -136,7 +136,7 @@ describe 'GPG signed commits' do
       visit project_commit_path(project, GpgHelpers::SIGNED_AND_AUTHORED_SHA)
 
       # wait for the signature to get generated
-      expect(page).to have_link 'Verified'
+      expect(page).to have_button 'Verified'
 
       user_1.destroy!