Sha256: b81941cf49139f2afadf6daf0e7ca8530220c35c6d7d8ac64313e8129d801447
Contents?: true
Size: 1.04 KB
Versions: 4
Compression:
Stored size: 1.04 KB
Contents
require 'simplabs/excellent/checks/base'
module Simplabs
module Excellent
module Checks
module Rails
# This check reports views (and partials) that access the +params+ hash. Accessing the +params+ hash directly in views can result in security
# problems if the value is printed to the HTML output and in general is a bad habit because the controller, which is actually the part of the
# application that is responsible for dealing with parameters, is circumvented.
#
# ==== Applies to
#
# * partials and regular views
class ParamsHashInViewCheck < Base
def initialize(options = {}) #:nodoc:
super
@interesting_contexts = [Parsing::CallContext]
@interesting_files = [/^.*\.(erb|rhtml)$/]
end
def evaluate(context) #:nodoc:
add_warning(context, 'Params hash used in view.', {}, RUBY_VERSION =~ /1\.8/ ? 0 : -1) if (context.full_name == 'params')
end
end
end
end
end
end
Version data entries
4 entries across 4 versions & 1 rubygems