Confidence: Medium
Category: Cross-Site Scripting
Check: CrossSiteScripting
Message: Unescaped model attribute
Code: Setup.hostname
File: app/views/layouts/_i18n_settings.html.haml
Line: 3
Relevant code:
```haml
# app/views/layouts/_i18n_settings.html.haml
:javascript
  $(document).ready(function(){
    var domain = '#{Setup.hostname}' // Fetch value from db
    // ...
  });
```
Why might this be a false positive?
We recently upgraded to haml 6.3.0 (from haml v5.2.0) and we are getting a CrossSiteScripting warning for the above code. The same warning doesn't come up with haml v5.2.0. Wondering if haml v6 is supported?
Background
Brakeman version: 6.1.2
Rails version: 7.1.5
Ruby version: 3.3.1
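The warning is about a database value landing inside a JavaScript string literal with nothing between it and the parser. The following Ruby is an added example, not code from the issue, from Brakeman or from Haml: it stands `Setup.hostname` in with a plain string argument, shows the interpolation the template performs, and beside it a rendering that emits the value as a JSON string literal with `<`, `>`, `&` and the U+2028/U+2029 line terminators additionally escaped. The attacker-controlled hostname is constructed for the demonstration and assumes that whoever can write that settings row is not trusted.

```ruby
# Added example; not from the issue, Brakeman or Haml.
# Setup.hostname is represented by the `hostname` argument.
require 'json'

# Weak form, mirroring the template in the report: the value is interpolated
# straight into a single-quoted JavaScript string literal with no escaping.
def unsafe_script(hostname)
  "$(document).ready(function(){ var domain = '#{hostname}'; });"
end

# Characters that are legal inside a JSON string but can end the enclosing
# <script> element or confuse a JS parser, mapped to their \u escapes.
JS_UNSAFE = {
  '<' => '\u003c', '>' => '\u003e', '&' => '\u0026',
  "\u2028" => '\u2028', "\u2029" => '\u2029'
}.freeze

# Render any Ruby value as a JavaScript string literal. to_json quotes the
# string and escapes quotes, backslashes and control characters; the gsub
# then neutralises the characters JSON leaves untouched.
def js_string_literal(value)
  value.to_s.to_json.gsub(/[<>&\u2028\u2029]/, JS_UNSAFE)
end

# Hardened form of the same template: the value is a single string token no
# matter what it contains.
def safe_script(hostname)
  "$(document).ready(function(){ var domain = #{js_string_literal(hostname)}; });"
end

# Constructed attacker-controlled value (assumption: a user who can edit the
# settings row, e.g. through an admin form, is not trusted).
EVIL_HOSTNAME = "x'; alert(document.cookie); //"

if __FILE__ == $PROGRAM_NAME
  puts unsafe_script(EVIL_HOSTNAME)   # the quote closes the literal, alert() runs
  puts safe_script(EVIL_HOSTNAME)     # whole payload stays inside one literal
  puts safe_script('</script><script>alert(1)</script>')
end
```

In a Rails view the equivalent is the `escape_javascript` (`j`) helper, which exists for exactly this context, or rendering the value with `to_json`; ActiveSupport's JSON encoder escapes `<`, `>` and `&` by default. Whether a given Haml version escapes `#{}` inside a `:javascript` filter does not change the point: HTML escaping is the wrong encoder for a JavaScript string context, and the renderer should produce a JS literal explicitly.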