Confidence: Weak
Category: Cross-Site Scripting
Check: LinkToHref
Message: Potentially unsafe model attribute in `link_to` href
Code: link_to("\u6DFB\u4ED8\u30D5\u30A1\u30A4\u30EB", Model.find(params[:model_id]).attachment_url, :target => "_blank", :rel => :noopener, :class => "btn btn-primary btn-block")
File: model.html.haml
Line: 24
What matters is how the record is looked up. The check fires because `attachment_url` is a model attribute placed straight into `href`, so a stored `javascript:` URL would be rendered as a clickable link; who can reach such a record depends on the lookup:
# bad: any record is reachable by id from params
Model.find(params[:model_id])
# ok: only the current user's own records
current_user.models.find(params[:model_id])
If the record is fetched the second way, this is OK. Leave a comment.
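As an added example (not code from the original page or app), here is a plain-Ruby stand-in for both halves of the advice above: scoping the lookup to the current user's own records, and refusing `href` values whose scheme is not http(s) or a same-origin path, which is the `javascript:` case the Brakeman LinkToHref check is about. `link_to` HTML-escapes the attribute but does not check the scheme, so the scheme check has to be done by the app. The `User`/`Attachment` structs, the `ATTACHMENTS` table and the `safe_href`, `attachment_link`, `find_for` helpers are assumptions for illustration; the real app uses ActiveRecord and `link_to`.

```ruby
require "uri"
require "erb"

# Hypothetical in-memory stand-ins for the app's ActiveRecord models (an
# assumption, not the original code). `attachment_url` is the attribute
# Brakeman flagged.
Attachment = Struct.new(:id, :owner_id, :attachment_url)
User = Struct.new(:id)

# Constructed sample data: user 1 owns a benign file link, user 2 owns a
# record whose URL carries a javascript: scheme.
ATTACHMENTS = [
  Attachment.new(1, 1, "https://cdn.example.com/files/1.pdf"),
  Attachment.new(2, 2, "javascript:alert(document.cookie)"),
].freeze

# Unscoped lookup, the "bad" form: any user can reach any record by id.
def find_unscoped(id)
  ATTACHMENTS.find { |a| a.id == id }
end

# Scoped lookup, the "ok" form, equivalent to current_user.models.find(id).
# Returns nil when the record exists but belongs to someone else.
def find_for(user, id)
  ATTACHMENTS.find { |a| a.id == id && a.owner_id == user.id }
end

ALLOWED_SCHEMES = %w[http https].freeze

# Returns the URL if it is safe to put into an href, otherwise nil.
# Accepts absolute http(s) URLs with a host and site-relative paths; rejects
# javascript:/data:/vbscript: and every other scheme, protocol-relative
# "//host" URLs, and strings containing control characters (browsers strip
# tabs and newlines before parsing, so "java\tscript:" would still run).
def safe_href(raw)
  return nil if raw.nil?
  str = raw.to_s.strip
  return nil if str.empty? || str.match?(/[\x00-\x1f\x7f]/)
  uri = URI.parse(str)
  if uri.scheme
    return nil unless ALLOWED_SCHEMES.include?(uri.scheme.downcase)
    return nil if uri.host.nil? || uri.host.empty?
  else
    return nil unless str.start_with?("/") && !str.start_with?("//")
  end
  str
rescue URI::InvalidURIError
  nil
end

# Plain-Ruby rendering of the flagged link_to call. Returns nil instead of a
# link when the href is rejected, so the view can fall back to plain text.
def attachment_link(text, raw_url)
  href = safe_href(raw_url)
  return nil if href.nil?
  h = ->(s) { ERB::Util.html_escape(s) }
  %(<a href="#{h.call(href)}" target="_blank" rel="noopener" class="btn btn-primary btn-block">#{h.call(text)}</a>)
end

# End to end: look the record up the scoped way, then render defensively.
def render_attachment(user, id)
  record = find_for(user, id)
  return nil if record.nil?
  attachment_link("Attachment", record.attachment_url)
end

if __FILE__ == $0
  alice = User.new(1)
  mallory = User.new(2)
  puts render_attachment(alice, 1)     # renders the link
  p render_attachment(alice, 2)        # nil: not alice's record
  p render_attachment(mallory, 2)      # nil: javascript: href refused
  p find_unscoped(2)&.attachment_url   # the bad form hands it straight back
end
```

The scoped lookup answers the authorization question (which records a request may reach); `safe_href` answers the XSS question (what a reached record may put into the page). With only the scoped lookup, a `javascript:` URL stored in a user's own record is a self-XSS; with both, it is never rendered as a link at all.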