Class Brakeman::CheckSingleQuotes
In: lib/brakeman/checks/check_single_quotes.rb
Parent: Brakeman::BaseCheck

Checks for Rails versions whose html_escape does not escape single quotes, the issue announced in https://groups.google.com/d/topic/rubyonrails-security/kKGNeMrnmiY/discussion. Leaving ' unescaped lets untrusted output break out of single-quoted HTML attributes, so a vulnerable version is reported unless the application's initializers apply the published workaround (redefining ERB::Util.html_escape, or delegating escaping to Rack::Utils.escape_html, which does escape the single quote).

Constants

RACK_UTILS = Sexp.new(:colon2, Sexp.new(:const, :Rack), :Utils)

The Sexp for the constant path Rack::Utils; used to recognise calls to Rack::Utils.escape_html as the receiver of that call.

Public Instance methods

Process the application's initializers to see if they use the workaround of replacing ERB::Util.html_escape. While walking each initializer, the processing methods look for the nested definition

    class ERB

    module Util

    def html_escape

and, anywhere in the initializers, for a call to

    Rack::Utils.escape_html

Only a definition of html_escape that is actually nested inside ERB::Util counts as the workaround; a method of the same name elsewhere does not.
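An added example, not Brakeman's own code: a miniature version of the scan described above, built on Ruby's standard-library Ripper parser instead of Brakeman's Sexp trees. The initializer sources, the module name WorkaroundScan and the Result struct are constructed for the example. It also goes slightly beyond the page by accepting `module ERB::Util` as well as `class ERB` / `module Util`, since both produce the same nesting, and it shows why the check exists: an html_escape table without the single quote lets attacker input escape a single-quoted attribute.

```ruby
require 'ripper'

# Constructed sample of a config/initializers/*.rb file that applies the
# advisory-style workaround: redefine ERB::Util.html_escape and, in this
# variant, delegate to Rack::Utils.escape_html (which escapes "'").
CONSTRUCTED_INITIALIZER = <<~'RUBY'
  require 'erb'

  class ERB
    module Util
      def html_escape(s)
        s = s.to_s
        return s if s.respond_to?(:html_safe?) && s.html_safe?
        Rack::Utils.escape_html(s)
      end
      alias h html_escape
      module_function :h
      module_function :html_escape
    end
  end
RUBY

# Constructed initializer that touches none of the patterns.
CONSTRUCTED_UNRELATED = <<~'RUBY'
  Rails.application.config.time_zone = 'UTC'
RUBY

# Hypothetical scanner mirroring the check: walk the parse tree, track the
# enclosing class/module names, flag a html_escape definition inside
# ERB::Util and any call to Rack::Utils.escape_html.
module WorkaroundScan
  Result = Struct.new(:erb_util_html_escape, :rack_escape_html)

  # Collect constant names from a class/module name node, e.g.
  # `class ERB` -> ["ERB"], `module ERB::Util` -> ["ERB", "Util"].
  def self.const_names(node, acc = [])
    return acc unless node.is_a?(Array)
    if node[0] == :@const
      acc << node[1]
    else
      node.each { |child| const_names(child, acc) }
    end
    acc
  end

  # True for a :call node whose receiver is the constant path Rack::Utils
  # and whose method name is escape_html.
  def self.rack_escape_html_call?(node)
    return false unless node.is_a?(Array) && node[0] == :call
    meth = node.last
    meth.is_a?(Array) && meth[0] == :@ident && meth[1] == 'escape_html' &&
      const_names(node[1]) == %w[Rack Utils]
  end

  def self.walk(node, nesting, result)
    return unless node.is_a?(Array)
    case node[0]
    when :class, :module
      # node.last is the body; extend the nesting only for that body.
      walk(node.last, nesting + const_names(node[1]), result)
    when :def
      name = node[1]
      if name.is_a?(Array) && name[1] == 'html_escape' && nesting == %w[ERB Util]
        result.erb_util_html_escape = true
      end
      walk(node.last, nesting, result)
    else
      result.rack_escape_html = true if rack_escape_html_call?(node)
      node.each { |child| walk(child, nesting, result) }
    end
  end

  def self.scan(source)
    sexp = Ripper.sexp(source)
    raise ArgumentError, 'initializer does not parse' if sexp.nil?
    result = Result.new(false, false)
    walk(sexp, [], result)
    result
  end
end

# Why the workaround matters: an escape table that omits "'" leaves a
# single-quoted attribute injectable, while adding "'" => "&#x27;" closes it.
UNPATCHED_TABLE = { '&' => '&amp;', '>' => '&gt;', '<' => '&lt;', '"' => '&quot;' }
PATCHED_TABLE   = UNPATCHED_TABLE.merge("'" => '&#x27;')

def escape_with(table, s)
  s.to_s.gsub(/[&"'><]/) { |c| table.fetch(c, c) }
end

if __FILE__ == $PROGRAM_NAME
  p WorkaroundScan.scan(CONSTRUCTED_INITIALIZER)
  p WorkaroundScan.scan(CONSTRUCTED_UNRELATED)
  payload = "' onmouseover='alert(1)"
  puts "unpatched: <a title='#{escape_with(UNPATCHED_TABLE, payload)}'>"
  puts "patched:   <a title='#{escape_with(PATCHED_TABLE, payload)}'>"
end
```

The scanner deliberately keys on nesting rather than on the bare method name, for the same reason the real check tracks "inside ERB" and "inside Util": an unrelated `html_escape` helper in some other module is not evidence that the framework's escaping was replaced.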
