Recognize how Slim sometimes outputs safe HTML (with `escape_html_safe`)
Reduces Slim XSS false positives in cases where Brakeman is run in the context of an app that includes Active Support. Templates compile down to Template::Utils.escape_html_utils if Active Support's `html_safe?` method is defined. See: https://github.com/judofyr/temple/blob/master/lib/temple/filters/escapable.rb#L12
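As an added example (not Brakeman's or Temple's own code), a minimal Ruby model of the behaviour the description refers to: the helper Temple picks depends on whether `String#html_safe?` exists, and the safe-aware helper still escapes any string not marked safe, so a scanner that treats both helpers as escaping avoids the false positive. The `String#html_safe?` patch, `SafeString`, `MiniEscaper` and the compiled-expression samples are assumptions constructed for this example.

```ruby
require "cgi"

# Model of Active Support's core extension: every String answers html_safe?
# (false by default). Assumed here to stand in for Active Support; not
# loaded from the gem.
class String
  def html_safe?
    false
  end
end

# Stand-in for ActiveSupport::SafeBuffer: a string already marked safe.
class SafeString < String
  def html_safe?
    true
  end
end

module MiniEscaper
  # Unconditional escaping, what Temple emits without Active Support.
  def self.escape_html(html)
    CGI.escapeHTML(html.to_s)
  end

  # Safe-aware escaping, what Temple emits when String#html_safe? exists:
  # strings marked safe pass through, everything else is escaped.
  def self.escape_html_safe(html)
    html.html_safe? ? html : escape_html(html)
  end

  # Mirrors the Escapable filter's choice of helper name.
  def self.helper_name
    String.method_defined?(:html_safe?) ? :escape_html_safe : :escape_html
  end

  # Scanner-side classification of a compiled Slim output expression
  # (constructed sample: "::Temple::Utils.escape_html_safe((@name))").
  # Both helpers escape untrusted input, so neither is an unescaped sink.
  ESCAPING_HELPERS = %w[escape_html escape_html_safe].freeze
  def self.escaped_output?(compiled_expr)
    ESCAPING_HELPERS.any? { |h| compiled_expr.include?("Temple::Utils.#{h}(") }
  end
end
```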