false positive AND negative for XSS warning when using sanitize
#1187
Comments
The second issue is resolved with #1192. The first issue is a bit more difficult, still thinking about how to solve it. At first I was going to ignore it because it seemed nonsensical but after testing I see it does make the link safe...
@presidentbeef so actually,
(also: thank you for your wonderful gem!)
Confirmed in Rails 5.2 that you can still get a
Background
Brakeman version: 4.2.1
Rails version: 4.2.10
Ruby version: 2.3.4
Issue
Correctly using sanitize produces a warning. Full Brakeman Warning:
but incorrectly using it does not, despite the fact that this is unsafe.