Skip to content

ruby.rails.security.audit.xss.templates.unquoted-attribute.unquoted-attribute false positives #3539

New issue
Jump to bottom
New issue
Jump to bottom
Open
Open
ruby.rails.security.audit.xss.templates.unquoted-attribute.unquoted-attribute false positives#3539
Labels
bugSomething isn't working
@segiddins

Description

@segiddins
segiddins
opened on Dec 13, 2024

Describe the bug
False positives for patterns that are wrapped in parentheses
To Reproduce

    <!-- ok: unquoted-attribute -->
    <div style="max-width: <%= width || "100%" %>;"> </div>

    <!-- ok: unquoted-attribute -->
    <div href="foo/<%= "%>" %>"> </div>

Expected behavior

No warnings

Priority
How important is this to you?

  • P0: blocking me from making progress
  • P1: this will block me in the near future
  • P2: annoying but not blocking me

Additional Context
Add any other context about the problem here.

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't working

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions