class Sqreen::Rules::SlimSplatBuilderCB

Hooks into Temple template rendering.

Public Instance Methods

# File lib/sqreen/rules/xss_cb.rb, line 267
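# Pre-hook run before the instrumented template method.
#
# Inspects the first argument of the call. When it is one of the tracked
# XSS parameters (+xss_params+), is a String and +report_dangerous_xss?+
# flags it, the value is HTML-escaped with CGI.escape_html and the original
# method (+method+) is invoked on +inst+ with the escaped argument, so the
# template never sees the raw value. That only happens when +block+ is
# truthy; otherwise the hook returns nil and the original call proceeds
# unchanged.
#
# The original had `return unless block` immediately followed by `if block`,
# leaving the trailing `nil` unreachable; the redundant branch is removed
# here without changing what the method returns in either case.
#
# @param inst [Object] receiver of the instrumented method
# @param args [Array] arguments of the instrumented call; args[0] is
#   replaced in place by its escaped form when escaping is applied
# @param _budget [nil] unused
# @return [Hash, nil] +{ :status => :skip, :new_return_value => r }+ when
#   the call was performed here with the escaped argument, nil otherwise
#
# NOTE(review): +xss_params+, +report_dangerous_xss?+, +block+ and +method+
# are not defined in this method; presumably provided by the callback base
# class (+block+ looks like the rule's blocking-mode flag) — confirm.
def pre(inst, args, _budget = nil, &_block)
  value = args[0]
  return if value.nil?

  # Only values recorded as user-supplied parameters are of interest.
  return unless xss_params.any? { |p| p == value }

  Sqreen.log.debug { format('Found unescaped user param: %s', value) }

  return unless value.is_a?(String)

  return unless report_dangerous_xss?(value)

  # Not blocking: report only and let the original call run unchanged.
  return unless block

  # Blocking: escape the argument and perform the call ourselves, telling
  # the hook machinery to skip the original invocation.
  args[0] = CGI.escape_html(value)
  escaped_result = inst.send(method, *args)
  { :status => :skip, :new_return_value => escaped_result }
end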