Commit 2577cc97 authored by Micaël Bergeron's avatar Micaël Bergeron Committed by Micael Bergeron

Fix table in doc/development/secure_coding_guidelines.md

parent 0e80b672
...@@ -311,6 +311,7 @@ Specifically, the following options are dangerous because they mark strings as t ...@@ -311,6 +311,7 @@ Specifically, the following options are dangerous because they mark strings as t
|----------------------|-------------------------------| |----------------------|-------------------------------|
| HAML templates | `html_safe`, `raw`, `!=` | | HAML templates | `html_safe`, `raw`, `!=` |
| Embedded Ruby (ERB) | `html_safe`, `raw`, `<%== %>` | | Embedded Ruby (ERB) | `html_safe`, `raw`, `<%== %>` |
In case you want to sanitize user-controlled values against XSS vulnerabilities, you can use In case you want to sanitize user-controlled values against XSS vulnerabilities, you can use
[`ActionView::Helpers::SanitizeHelper`](https://api.rubyonrails.org/classes/ActionView/Helpers/SanitizeHelper.html). [`ActionView::Helpers::SanitizeHelper`](https://api.rubyonrails.org/classes/ActionView/Helpers/SanitizeHelper.html).
Calling `link_to` and `redirect_to` with user-controlled parameters can also lead to cross-site scripting. Calling `link_to` and `redirect_to` with user-controlled parameters can also lead to cross-site scripting.
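Review bot: the fix itself, a blank line inserted between the Markdown table and the "In case you want to sanitize" paragraph, is invisible in this view because a blank `+` line renders as nothing; only the hunk header's change from `-311,6` to `+311,7` shows that one line was added. Since GitLab-flavored Markdown continues a table until the first empty line, the sentence starting "In case you want to sanitize user-controlled values" was being swallowed as a table row, and a commit message of "Fix table" does not say so; suggest expanding it to "Add blank line after the XSS helpers table so the following paragraph is not parsed as a table row" so a later reader does not assume the table cells themselves were wrong. Also worth checking that the other tables in this document are followed by a blank line, since the same rendering problem would apply to them.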