class Sqreen::Rules::SlimSplatBuilderCB
Hook into Temple template rendering.
Public Instance Methods
pre(inst, args, _budget = nil, &_block)
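# File lib/sqreen/rules/xss_cb.rb, line 267
# Pre-hook run before the instrumented template method.
#
# Inspects the first positional argument of the hooked call. When it is
# exactly equal to one of the values yielded by +xss_params+ and
# +report_dangerous_xss?+ accepts it, the argument is treated as a potential
# XSS. If +block+ is truthy the value is HTML-escaped with CGI.escape_html,
# the hooked method is invoked here with the escaped value, and the hook
# asks the caller to skip the original invocation.
#
# @param inst [Object] receiver of the hooked method (presumably the
#   template instance — verify against the hook registration)
# @param args [Array] positional arguments of the hooked call; args[0] is
#   replaced in place when escaping happens
# @param _budget unused
# @return [Hash, nil] { :status => :skip, :new_return_value => r } when the
#   call was escaped and performed here; nil in every other case
def pre(inst, args, _budget = nil, &_block)
  value = args[0]
  return if value.nil?
  # Exact equality only (==); no substring or normalised matching.
  return unless xss_params.any? { |p| p == value }

  # NOTE: the raw, still-unescaped user value is written to the debug log.
  Sqreen.log.debug { format('Found unescaped user param: %s', value) }
  return unless value.is_a?(String)
  return unless report_dangerous_xss?(value)
  # +block+ presumably reflects blocking mode — when it is falsy the event
  # has been reported above and the original call proceeds untouched.
  return unless block

  # potential XSS! let's escape
  args[0] = CGI.escape_html(value)
  r = inst.send(method, *args)
  { :status => :skip, :new_return_value => r }
end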