Contents

module RuboCop
  module Cop
    module Paraxial
      class HTMLSafe < Base
        MSG = '`html_safe` leads to XSS when called on user input.'

        def on_send(node)
          method_name = node.method_name
          return unless send_methods.include?(method_name)

          add_offense(node, message: format(MSG, method: method_name))
        end

        private

        def send_methods
          [:html_safe]
        end
      end
    end
  end
end

Version data entries

17 entries across 17 versions & 1 rubygems

Version	Path
paraxial-1.4.5	lib/rubocop/cop/paraxial/html_safe.rb
paraxial-1.4.4	lib/rubocop/cop/paraxial/html_safe.rb
paraxial-1.4.3	lib/rubocop/cop/paraxial/html_safe.rb
paraxial-1.4.2	lib/rubocop/cop/paraxial/html_safe.rb
paraxial-1.4.1	lib/rubocop/cop/paraxial/html_safe.rb
paraxial-1.4.0	lib/rubocop/cop/paraxial/html_safe.rb
paraxial-1.3.1	lib/rubocop/cop/paraxial/html_safe.rb
paraxial-1.3.0	lib/rubocop/cop/paraxial/html_safe.rb
paraxial-1.2.0	lib/rubocop/cop/paraxial/html_safe.rb
paraxial-1.1.0	lib/rubocop/cop/paraxial/html_safe.rb
paraxial-1.0.2	lib/rubocop/cop/paraxial/html_safe.rb
paraxial-1.0.1	lib/rubocop/cop/paraxial/html_safe.rb
paraxial-1.0.0	lib/rubocop/cop/paraxial/html_safe.rb
paraxial-0.9.1	lib/rubocop/cop/paraxial/html_safe.rb
paraxial-0.9.0	lib/rubocop/cop/paraxial/html_safe.rb
paraxial-0.8.0	lib/rubocop/cop/paraxial/html_safe.rb
paraxial-0.7.0	lib/rubocop/cop/paraxial/html_safe.rb