gpt4 book ai didi

ruby-on-rails - Brakeman 错误 - 附近未转义的模型属性

转载 作者:行者123 更新时间:2023-12-04 06:04:52 26 4
gpt4 key购买 nike

我收到很多错误如下

Unescaped model attribute near line 20: show_errors(Objective.new(objective_params), :name)

展开 View



这是我的代码
module ApplicationHelper
# Error Helper for Form
def show_errors(object, field_name)
if object.errors.any? && object.errors.messages[field_name][0].present?
"<label class='text-error'>" + object.errors.messages[field_name][0] + "</label>"
else
return ""
end
end

end

最佳答案

来自刹车人 Cross Site Scripting文档:

By default, Brakeman will also warn when a parameter or cookie value is used as an argument to a method, the result of which is output unescaped to a view.

For example:

<%= some_method(cookie[:name]) %>

This raises a warning like:

Unescaped cookie value near line 5: some_method(cookies[:oreo])

However, the confidence level for this warning will be weak, because it is not directly outputting the cookie value.



最后一句话可能很重要。如果您确定您的值被转义,则此警告可能会被忽略/禁用。

关于ruby-on-rails - Brakeman 错误 - 附近未转义的模型属性,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/38673359/

26 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com