```
Confidence: Weak
Category: Cross-Site Scripting
Check: LinkToHref
Message: Potentially unsafe model attribute in `link_to` href
Code: link_to("\u6DFB\u4ED8\u30D5\u30A1\u30A4\u30EB", Model.find(params[:model_id]).attachment_url, :target => "_blank", :rel => :noopener, :class => "btn btn-primary btn-block")
File: model.html.haml
Line: 24
```
It is OK if the record is looked up like this:

```ruby
# Not OK
Model.find()

# OK
current_user.models.find()
```
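Scoping the lookup to `current_user` limits which record can be loaded; the LinkToHref check itself concerns what ends up in `href`, because HTML escaping does not neutralise a `javascript:` or `data:` scheme. An added example, not from the original post: a plain-Ruby helper (the name `safe_href` and the `"#"` fallback are assumptions made here) that lets only http(s) URLs and site-local paths through.

```ruby
require "uri"

# Added example, not from the original post. `safe_href`, ALLOWED_SCHEMES and
# the "#" fallback are hypothetical names/choices for illustration.
ALLOWED_SCHEMES = %w[http https].freeze

# Returns `value` unchanged when it is an absolute http(s) URL with a host or
# a site-local path such as "/uploads/a.pdf"; otherwise returns `fallback`.
# Non-ASCII characters must already be percent-encoded, or URI.parse rejects them.
def safe_href(value, fallback: "#")
  raw = value.to_s.strip
  return fallback if raw.empty? || !raw.valid_encoding?
  # Browsers drop tabs/newlines inside a URL and treat "\" like "/",
  # so any control character, space or backslash is refused outright.
  return fallback if raw.match?(/[\x00-\x20\x7f\\]/)

  uri = URI.parse(raw)
  if uri.scheme.nil?
    # Relative reference: accept "/path" only, never "//host/path".
    return uri.host.nil? && raw.start_with?("/") ? raw : fallback
  end
  return fallback unless ALLOWED_SCHEMES.include?(uri.scheme.downcase)

  uri.host.to_s.empty? ? fallback : raw
rescue URI::InvalidURIError
  fallback
end

# In the view from the warning (model.html.haml) this would wrap the attribute:
#   link_to "添付ファイル",
#           safe_href(current_user.models.find(params[:model_id]).attachment_url),
#           target: "_blank", rel: :noopener, class: "btn btn-primary btn-block"

# Constructed sample values, not taken from any real application.
if __FILE__ == $PROGRAM_NAME
  ["https://files.example.com/a.pdf", "/uploads/a.pdf",
   "javascript:alert(1)", "//evil.example/x"].each do |candidate|
    puts format("%-34s -> %s", candidate.inspect, safe_href(candidate))
  end
end
```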