tansaku/LocalSupport

app/views/proposed_organisation_edits/show.html.erb


Potentially unsafe model attribute in link_to href
Open

          <%= link_to @organisation.website, @organisation.website, {:target => '_blank'} if @organisation.website.present?%>

Even though Rails will escape the link provided to link_to, values starting with javascript: or data: are unescaped and dangerous.

Brakeman will warn if user-controlled values are used to provide the HREF value in link_to, or if they are interpolated at the beginning of a string.

The --url-safe-methods option can be used to specify methods which make URLs safe.


Potentially unsafe model attribute in link_to href
Open

          <%= link_to @proposed_organisation_edit.website, @proposed_organisation_edit.website, {:target => '_blank'} if @proposed_organisation_edit.website.present?%>

