Class Brakeman::CheckContentTag
In: lib/brakeman/checks/check_content_tag.rb
Parent: Brakeman::CheckCrossSiteScripting

Checks for unescaped values in `content_tag`

    content_tag :tag, body
                       ^-- Unescaped in Rails 2.x

    content_tag :tag, body, attribute => value
                               ^-- Unescaped in all versions

    content_tag :tag, body, attribute => value
                                           ^
                                           |
            Escaped by default, can be explicitly escaped
            or not by passing in (true|false) as fourth argument
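
The two cases above that apply to every Rails version can be spotted syntactically. The sketch below is an added example, not Brakeman's own code: it uses Ruby's standard Ripper parser, and all function names and finding labels are hypothetical. As a simplifying assumption it reports any attribute name that is not a literal, and any call that passes a literal `false` as the fourth argument.

```ruby
require "ripper"

# Illustrative sketch, not Brakeman's code; handles content_tag(name, body, attrs, escape).
# Yield every s-expression node (an Array headed by a Symbol), depth first.
def each_node(sexp, &block)
  return unless sexp.is_a?(Array)
  yield sexp if sexp.first.is_a?(Symbol)
  sexp.each { |child| each_node(child, &block) }
end

def find_node(sexp, type)
  each_node(sexp) { |n| return n if n.first == type }
  nil
end

# Return the [:@ident, "content_tag", [line, col]] token of a call, or nil.
def content_tag_ident(node)
  return unless %i[command method_add_arg].include?(node.first)
  head = node[1]
  head = head[1] if head.is_a?(Array) && head.first == :fcall
  head if head.is_a?(Array) && head[0] == :@ident && head[1] == "content_tag"
end

# Key/value pairs of the attribute hash, whether braced or bare.
def attribute_pairs(attrs)
  case attrs&.first
  when :bare_assoc_hash then attrs[1]
  when :hash then attrs[1] ? attrs[1][1] : []
  else []
  end.select { |pair| pair.first == :assoc_new }
end

def literal_key?(key)
  return true if %i[@label symbol_literal].include?(key.first)
  %i[string_literal dyna_symbol].include?(key.first) && find_node(key, :string_embexpr).nil?
end

# Return [line, finding] pairs for each content_tag call in the source text.
def audit_content_tag(source)
  findings = []
  each_node(Ripper.sexp(source)) do |node|
    next unless (ident = content_tag_ident(node))
    args = (find_node(node, :args_add_block) || [])[1] || []
    dynamic = attribute_pairs(args[2]).any? { |pair| !literal_key?(pair[1]) }
    unescaped = args[3].is_a?(Array) && args[3][0] == :var_ref && args[3][1][1] == "false"
    findings << [ident[2][0], :dynamic_attribute_name] if dynamic
    findings << [ident[2][0], :value_escaping_disabled] if unescaped
  end
  findings
end
```

Pass the text of a helper or view-helper file to `audit_content_tag`; calls written with a block or an explicit receiver are outside what this sketch inspects.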

Methods

Public Instance methods
