Re: [brakeman] Re:
Rails 2? If so, those interpolated values would need to be h()'d.

On Wed, Apr 10, 2013 at 4:06 PM, Matthew Brookes <m...@brookes.net> wrote:
> Hi!
>
> I'm getting an XSS warning for this:
>
>     <%= image_tag "http://maps.google.com/maps/api/staticmap?size=610x450&sensor=false&zoom=15&markers=#{@location.latitude}%2C#{@location.longitude}" %>
>
> Is there something I need to do to improve my code, or is this an expected false positive?
>
> Thanks!
> Matt.
>
> On 10 April 2013 18:09, Matthew Brookes <m...@brookes.net> wrote:
Re: [brakeman] Re:
Actually, image_tag (and most other _tag methods) should be ignored.

I'm having trouble reproducing this warning. Can you show us the entire warning output? What version of Rails and Brakeman are you using?

Thanks!
-Justin

On 04/10/2013 04:06 PM, Matthew Brookes wrote:
> Hi!
>
> I'm getting an XSS warning for this:
>
>     <%= image_tag "http://maps.google.com/maps/api/staticmap?size=610x450&sensor=false&zoom=15&markers=#{@location.latitude}%2C#{@location.longitude}" %>
>
> Is there something I need to do to improve my code, or is this an expected false positive?
>
> Thanks!
> Matt.
>
> On 10 April 2013 18:09, Matthew Brookes <m...@brookes.net> wrote:
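The two replies above make different points: the first says that under Rails 2 anything interpolated into the view must be passed through h() (ERB::Util.html_escape), the second that Brakeman is expected to skip image_tag because the helper attribute-escapes its argument. The following Ruby, added here and not taken from the thread or from Brakeman, shows what each layer actually does to the Static Maps URL from the original post. It uses only the standard library (no Rails), so image_tag is replaced by two hypothetical one-line helpers, and the coordinate values are constructed sample input, one of them containing a double quote to show the difference between a raw and an escaped attribute.

```ruby
require "erb"
require "cgi"

# Base URL copied from the original post; everything else is constructed.
STATIC_MAP_BASE = "http://maps.google.com/maps/api/staticmap"

# Raw string interpolation, exactly as in the posted view: the coordinate
# values go into the query string unencoded. Safe only if they are numbers.
def map_url_raw(lat, lng)
  "#{STATIC_MAP_BASE}?size=610x450&sensor=false&zoom=15&markers=#{lat}%2C#{lng}"
end

# URL-encode every query value so that a non-numeric coordinate cannot add
# parameters or carry quote characters into the attribute. CGI.escape turns
# the comma into %2C, matching the original URL for well-formed input.
def map_url_encoded(lat, lng)
  pairs = {
    "size"    => "610x450",
    "sensor"  => "false",
    "zoom"    => "15",
    "markers" => "#{lat},#{lng}",
  }
  query = pairs.map { |k, v| "#{CGI.escape(k)}=#{CGI.escape(v)}" }.join("&")
  "#{STATIC_MAP_BASE}?#{query}"
end

# Hypothetical stand-in for a view that drops the URL straight into the tag.
def image_tag_raw(url)
  %(<img src="#{url}" />)
end

# Hypothetical stand-in for what a _tag helper (or an explicit h() call in
# Rails 2) does: HTML-escape the attribute value. ERB::Util.html_escape
# rewrites " to &quot; and & to &amp;, so the src attribute cannot be closed
# early by the interpolated value.
def image_tag_escaped(url)
  %(<img src="#{ERB::Util.html_escape(url)}" />)
end

if __FILE__ == $0
  # Constructed sample coordinates; the second latitude is deliberately
  # malformed to show the escaping at work.
  puts image_tag_raw(map_url_raw(51.5, -0.12))
  puts image_tag_raw(map_url_raw('51.5"', -0.12))
  puts image_tag_escaped(map_url_raw('51.5"', -0.12))
  puts image_tag_escaped(map_url_encoded('51.5"', -0.12))
end
```

Note that html_escape also turns the `&` separators into `&amp;`; that is the correct encoding inside an HTML attribute, and browsers decode it back before requesting the image. Query-string encoding (CGI.escape) and attribute encoding (html_escape) address different contexts, which is why the last call applies both.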