brakemanのlink_toエラー

Confidence: Weak
Category: Cross-Site Scripting
Check: LinkToHref
Message: Potentially unsafe model attribute in `link_to` href
Code: link_to("\u6DFB\u4ED8\u30D5\u30A1\u30A4\u30EB", Model.find(params[:model_id]).attachment_url, :target => "_blank", :rel => :noopener, :class => "btn btn-primary btn-block")
File: model.html.haml
Line: 24

Confidence: Weak

Category: Cross-Site Scripting

Check: LinkToHref

Message: Potentially unsafe model attribute in `link_to` href

Code: link_to("\u6DFB\u4ED8\u30D5\u30A1\u30A4\u30EB", Model.find(params[:model_id]).attachment_url, :target => "_blank", :rel => :noopener, :class => "btn btn-primary btn-block")

File: model.html.haml

Line: 24

参照の方法が

# だめ
Model.find()

# ok
current_user.models.fin()

# だめ

Model.find()

# ok

current_user.models.fin()

ならOK

brakemanのlink_toエラー

Railsカテゴリの最新記事

rails カラムタイプをboolean => integer

PG::ConnectionBad

Rails: SassC::SyntaxError:

Is another postmaster (PID 488) running in data directory “/usr/local/var/postgres”?

Railsでdropzoneをuploadボタンを押して方針する方法

Show object column using association in simple_form