Re: [brakeman] Re:

2013-04-10 Thread Neil Matatall
Rails 2?

If so, those interpolated values would need to be h()'d

On Wed, Apr 10, 2013 at 4:06 PM, Matthew Brookes m...@brookes.net wrote:
 Hi!

 I'm getting an XSS warning for this:

 <%= image_tag "http://maps.google.com/maps/api/staticmap?size=610x450&sensor=false&zoom=15&markers=#{@location.latitude}%2C#{@location.longitude}" %>

 Is there something I need to do to improve my code, or is this an expected
 false positive?

 Thanks!
 Matt.




 On 10 April 2013 18:09, Matthew Brookes m...@brookes.net wrote:





Re: [brakeman] Re:

2013-04-10 Thread Justin Collins
Actually, image_tag (and most other _tag methods) should be ignored.

I'm having trouble reproducing this warning. Can you show us the entire 
warning output? What version of Rails and Brakeman are you using?

Thanks!

-Justin

On 04/10/2013 04:06 PM, Matthew Brookes wrote:
 Hi!

 I'm getting an XSS warning for this:

 <%= image_tag "http://maps.google.com/maps/api/staticmap?size=610x450&sensor=false&zoom=15&markers=#{@location.latitude}%2C#{@location.longitude}" %>

 Is there something I need to do to improve my code, or is this an
 expected false positive?

 Thanks!
 Matt.




 On 10 April 2013 18:09, Matthew Brookes m...@brookes.net
 mailto:m...@brookes.net wrote:
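
The point Neil raises about h() in Rails 2 views, shown as an added example that is not code from the thread, from Brakeman or from Rails. It uses only Ruby's standard library: ERB::Util.h is the same html_escape helper Rails exposes as h() in views. Rails' own tag helpers such as image_tag escape attribute values themselves, which is why Justin expects Brakeman to ignore them; the risk below is what happens when the interpolated coordinates are written into hand-built markup without h(). The Location struct, the sample coordinates and the injected latitude value are constructed for illustration.

```ruby
require "erb"
include ERB::Util # provides h(), the same helper Rails views call as h()

# Constructed sample data (not from the thread): one well-formed location and one
# whose latitude carries an injected attribute, as a stored value that originally
# came from a user could.
Location = Struct.new(:latitude, :longitude)
SAFE_LOCATION = Location.new("37.4220", "-122.0841")
EVIL_LOCATION = Location.new('37.4220" onerror="alert(1)', "-122.0841")

STATIC_MAP = "http://maps.google.com/maps/api/staticmap?size=610x450&sensor=false&zoom=15"

# Rails 2 style: interpolate straight into the attribute, nothing escaped.
def unescaped_img(location)
  url = "#{STATIC_MAP}&markers=#{location.latitude}%2C#{location.longitude}"
  %(<img src="#{url}" />)
end

# Hardened: every interpolated value goes through h(), so a double quote in the
# data is emitted as &quot; and can no longer terminate the src attribute.
def escaped_img(location)
  url = "#{STATIC_MAP}&markers=#{h(location.latitude)}%2C#{h(location.longitude)}"
  %(<img src="#{url}" />)
end

# True when the rendered markup is a single <img> whose only attribute is src.
# An injected attribute fails this check because a raw quote closes src early.
def single_src_attribute?(html)
  html.match?(%r{\A<img src="[^"]*" />\z})
end

if __FILE__ == $PROGRAM_NAME
  puts unescaped_img(EVIL_LOCATION) # onerror= lands outside the src attribute
  puts escaped_img(EVIL_LOCATION)   # the quote is rendered as &quot;
end
```

For well-formed coordinates both helpers render identical markup; only the hostile value shows the difference, which is the case a static analyser like Brakeman has to assume when it cannot tell where @location.latitude came from.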