Actually, image_tag (and most other _tag methods) should be ignored. I'm having trouble reproducing this warning. Can you show us the entire warning output? What version of Rails and Brakeman are you using?
Thanks!

-Justin

On 04/10/2013 04:06 PM, Matthew Brookes wrote:
> Hi!
>
> I'm getting an XSS warning for this:
>
> <%= image_tag "http://maps.google.com/maps/api/staticmap?size=610x450&sensor=false&zoom=15&markers=#{@location.latitude}%2C#{@location.longitude}" %>
>
> Is there something I need to do to improve my code, or is this an expected false positive?
>
> Thanks!
> Matt.
>
> On 10 April 2013 18:09, Matthew Brookes <[email protected]> wrote:
