Innova-AI/dictia-public
3
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

fix(marketing): bento autoescape + dead col-span + test gaps

Browse Source 
- Pipe macro title/description through | safe to render NBSP/& correctly
  (autoescape was producing literal '95 %+' and 'Q&R' text on screen)
- Replace dynamic col-span-{{ span }} with static lookup table so Tailwind
  scanner generates the utilities for A-2.7+ reuse
- Replace inline border style with border-white/[0.045] utility (codebase consistency)
- Add explicit Q&R assertion + autoescape regression guard test
This commit is contained in:
Allison
2026-04-27 18:19:56 -04:00
parent 775075d1ea
commit b87f35ea4a
3 changed files with 39 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
static/css/marketing.css
View File

@@ -497,6 +497,9 @@
.z-\[9999\] {
z-index: 9999;
}
.col-span-1 {
grid-column: span 1 / span 1;
}
.container {
width: 100%;
@media (width >= 40rem) {
@@ -3669,6 +3672,11 @@
opacity: 50%;
}
}
.sm\:col-span-2 {
@media (width >= 40rem) {
grid-column: span 2 / span 2;
}
}
.sm\:-mx-6 {
@media (width >= 40rem) {
margin-inline: calc(var(--spacing) * -6);
@@ -4000,6 +4008,11 @@
}
}
}
.md\:col-span-3 {
@media (width >= 48rem) {
grid-column: span 3 / span 3;
}
}
.md\:mb-2 {
@media (width >= 48rem) {
margin-bottom: calc(var(--spacing) * 2);

12
templates/macros/bento.html
View File

@@ -1,12 +1,14 @@
{# Reusable bento card macro. FlexiHub style: dark navy2 surface, decorative watermark number, gradient icon corner. #}
{# Reusable bento card macro. FlexiHub style: dark navy2 surface, decorative watermark number, gradient icon corner.
`span` controls column span via a static lookup table (Tailwind's content scanner only sees literal class strings,
so dynamic `col-span-{{ span }}` would produce dead classes — the lookup keeps the utilities discoverable). #}
{% macro bento_card(number, title, description, icon='✦', span='1') %}
<div class="relative bg-brand-navy2 p-6 rounded-[18px] overflow-hidden col-span-{{ span }}"
style="border: 1px solid rgba(255,255,255,0.045)">
{%- set span_classes = {'1': 'col-span-1', '2': 'sm:col-span-2', '3': 'sm:col-span-2 md:col-span-3'} -%}
<div class="relative bg-brand-navy2 p-6 rounded-[18px] overflow-hidden border border-white/[0.045] {{ span_classes.get(span, 'col-span-1') }}">
<div class="absolute top-2 right-4 text-[80px] font-black text-white/[0.04]" aria-hidden="true">{{ number }}</div>
<div class="relative">
<div class="w-10 h-10 grad-bg rounded-[0.5rem] mb-4 flex items-center justify-center text-lg">{{ icon }}</div>
<h3 class="text-lg font-bold mb-2 text-white">{{ title }}</h3>
<p class="text-sm text-white/70">{{ description }}</p>
<h3 class="text-lg font-bold mb-2 text-white">{{ title | safe }}</h3>
<p class="text-sm text-white/70">{{ description | safe }}</p>
</div>
</div>
{% endmacro %}

19
tests/test_marketing_landing_template.py
View File

@@ -255,6 +255,8 @@ def test_bento_has_6_features():
# Watermark numbers 01..06
for n in ['01', '02', '03', '04', '05', '06']:
assert f'>{n}<' in body, f"Missing bento watermark number {n}"
# Card 04 must use French Q&R, not English Q&A — primary identifier check
assert 'Q&amp;R' in body or 'Q&R' in body, "Card 04 must use French Q&R, not Q&A"
def test_bento_uses_flexihub_styling():
@@ -281,3 +283,20 @@ def test_bento_uses_wcag_safe_text_on_dark():
client = app.test_client()
body = client.get('/').data.decode('utf-8')
assert 'text-white/70' in body, "Missing WCAG-safe /70 text opacity on dark cards"
def test_bento_renders_nbsp_entities_not_escaped():
"""Card 01 '95 %+' NBSP must render as a non-breaking space, not as literal '&nbsp;' text.
Regression guard: if the bento macro stops piping description through `| safe`,
Jinja autoescape will double-escape '&nbsp;' to '&amp;nbsp;' and users see the
raw entity. The HTML response must contain the literal '95&nbsp;%+' once
(single escape), never '95&amp;nbsp;%+'.
"""
client = app.test_client()
body = client.get('/').data.decode('utf-8')
assert '95&nbsp;%+' in body, "NBSP entity should appear single-escaped in card 01"
assert '95&amp;nbsp;' not in body, "NBSP entity must not be double-escaped (missing | safe?)"
# Q&R card title: French ampersand must survive as &amp; in HTML, not &amp;amp;
assert 'Q&amp;R' in body, "Q&R title should appear single-escaped"
assert 'Q&amp;amp;R' not in body, "Q&R title must not be double-escaped"