Remove inline JS in links

Changes these to use unobtrusive JS

app/assets/stylesheets/errors.scss

@@ -96,7 +96,7 @@ a {
 }
 
 .error-nav {
-  padding: 0;
+  padding: $gl-padding 0 0;
   text-align: center;
 
   li {

app/views/admin/applications/_delete_form.html.haml

@@ -1,4 +1,4 @@
 - submit_btn_css ||= 'btn btn-link btn-remove btn-sm'
 = form_tag admin_application_path(application) do
   %input{ :name => "_method", :type => "hidden", :value => "delete" }/
-  = submit_tag 'Destroy', onclick: "return confirm('Are you sure?')", class: submit_btn_css
+  = submit_tag 'Destroy', class: submit_btn_css, data: { confirm: _('Are you sure?') }

app/views/doorkeeper/authorized_applications/_delete_form.html.haml

@@ -5,4 +5,4 @@
 
 = form_tag path do
   %input{ :name => "_method", :type => "hidden", :value => "delete" }/
-  = submit_tag _('Revoke'), onclick: "return confirm('#{_('Are you sure?')}')", class: 'btn btn-remove btn-sm'
+  = submit_tag _('Revoke'), class: 'btn btn-remove btn-sm', data: { confirm: _('Are you sure?') }

app/views/errors/access_denied.html.haml

@@ -10,7 +10,7 @@
       = message
   %p
     = s_('403|Please contact your GitLab administrator to get permission.')
-  .action-container.js-go-back{ style: 'display: none' }
-    %a{ href: 'javascript:history.back()', class: 'btn btn-success' }
+  .action-container.js-go-back{ hidden: true }
+    %button{ type: 'button', class: 'btn btn-success' }
       = s_('Go Back')
 = render "errors/footer"

app/views/layouts/errors.html.haml

@@ -14,6 +14,10 @@
           var goBackElement = document.querySelector('.js-go-back');
 
           if (goBackElement && history.length > 1) {
-            goBackElement.style.display = 'block';
+            goBackElement.removeAttribute('hidden');
+
+            goBackElement.querySelector('button').addEventListener('click', function() {
+              history.back();
+            });
           }
         }());

app/views/profiles/personal_access_tokens/index.html.haml

@@ -31,7 +31,7 @@
       = s_('AccessTokens|It cannot be used to access any other data.')
   .col-lg-8.feed-token-reset
     = label_tag :feed_token, s_('AccessTokens|Feed token'), class: "label-bold"
-    = text_field_tag :feed_token, current_user.feed_token, class: 'form-control', readonly: true, onclick: 'this.select()'
+    = text_field_tag :feed_token, current_user.feed_token, class: 'form-control js-select-on-focus', readonly: true
     %p.form-text.text-muted
       - reset_link = link_to s_('AccessTokens|reset it'), [:reset, :feed_token, :profile], method: :put, data: { confirm: s_('AccessTokens|Are you sure? Any RSS or calendar URLs currently in use will stop working.') }
       - reset_message = s_('AccessTokens|Keep this token secret. Anyone who gets ahold of it can read activity and issue RSS feeds or your calendar feed as if they were you. You should %{link_reset_it} if that ever happens.') % { link_reset_it: reset_link }
@@ -49,7 +49,7 @@
         = s_('AccessTokens|It cannot be used to access any other data.')
     .col-lg-8.incoming-email-token-reset
       = label_tag :incoming_email_token, s_('AccessTokens|Incoming email token'), class: "label-bold"
-      = text_field_tag :incoming_email_token, current_user.incoming_email_token, class: 'form-control', readonly: true, onclick: 'this.select()'
+      = text_field_tag :incoming_email_token, current_user.incoming_email_token, class: 'form-control js-select-on-focus', readonly: true
       %p.form-text.text-muted
         - reset_link = link_to s_('AccessTokens|reset it'), [:reset, :incoming_email_token, :profile], method: :put, data: { confirm: s_('AccessTokens|Are you sure? Any issue email addresses currently in use will stop working.') }
         - reset_message = s_('AccessTokens|Keep this token secret. Anyone who gets ahold of it can create issues as if they were you. You should %{link_reset_it} if that ever happens.') % { link_reset_it: reset_link }