
# frozen_string_literal: true

module RuboCop
  module Cop
    module Rails
      # Checks for calls that mark a string as HTML-safe (`html_safe` and
      # `raw`). Such a string is no longer escaped on output, so any
      # untrusted data interpolated into it becomes a potential XSS sink.
      #
      # `safe_join` is never reported, and neither is an `html_safe`/`raw`
      # call that sits inside a `safe_join` argument list, because the
      # helper escapes each element itself. Matching is by selector name
      # only: any receiver-less one-argument `raw(...)` or any
      # argument-less `receiver.html_safe` is treated as the Rails helper.
      #
      # @example
      #   # bad
      #   "<p>#{text}</p>".html_safe
      #
      #   # good
      #   content_tag(:p, text)
      #
      #   # bad
      #   out = ""
      #   out << content_tag(:li, "one")
      #   out << content_tag(:li, "two")
      #   out.html_safe
      #
      #   # good
      #   out = []
      #   out << content_tag(:li, "one")
      #   out << content_tag(:li, "two")
      #   safe_join(out)
      #
      class OutputSafety < Cop
        MSG = 'Tagging a string as html safe may be a security risk, ' \
              'prefer `safe_join` or other Rails tag helpers instead.'.freeze

        # Inspects every method call. A `safe_join` call is registered as an
        # ignored node first, so that a marking call nested in its argument
        # list is skipped; every other call that looks like `html_safe` or
        # `raw` is flagged on its selector.
        #
        # @param node [RuboCop::Node] the `send` node under inspection
        # @return [void]
        def on_send(node)
          _receiver, selector, *_arguments = *node

          ignore_node(node) if selector == :safe_join

          # Guard order matters: the ignore check is evaluated before the
          # shape predicates, exactly as the combined condition would be.
          return if part_of_ignored_node?(node)
          return unless looks_like_rails_html_safe?(node) ||
                        looks_like_rails_raw?(node)

          add_offense(node, :selector)
        end

        private

        # `receiver.html_safe` with no arguments, e.g. `str.html_safe`.
        # A receiver-less `html_safe` is not treated as the Rails call.
        #
        # @param node [RuboCop::Node] a `send` node
        # @return [Boolean, nil] truthy when the call matches
        def looks_like_rails_html_safe?(node)
          receiver, selector, *arguments = *node

          receiver && selector == :html_safe && arguments.empty?
        end

        # Bare `raw(value)` with exactly one argument and no receiver.
        # An explicit receiver or a different arity is not treated as the
        # Rails helper.
        #
        # @param node [RuboCop::Node] a `send` node
        # @return [Boolean] true when the call matches
        def looks_like_rails_raw?(node)
          receiver, selector, *arguments = *node

          !receiver && selector == :raw && arguments.one?
        end
      end
    end
  end
end
