Class Brakeman::CheckMailTo
In: lib/brakeman/checks/check_mail_to.rb
Parent: Brakeman::BaseCheck

Checks for a cross-site scripting vulnerability in mail_to with :encode => :javascript in certain versions of Rails (< 2.3.11 or < 3.0.4).

groups.google.com/group/rubyonrails-security/browse_thread/thread/f02a48ede8315f81

Methods

Public Instance methods

Check for javascript encoding of mail_to address

    mail_to email, name, :encode => :javascript
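The following is an added example, not Brakeman's own code: a simplified line-based scan that flags the call pattern above only when the Rails version falls in the affected range. The method names, the regular expression, the sample templates, and the reading of the version range as "2.x below 2.3.11, or 3.0.x below 3.0.4" are assumptions made for illustration.

```ruby
# Added illustration; not Brakeman's implementation.
# Assumption: "< 2.3.11 or < 3.0.4" means the 2.x line below 2.3.11
# and the 3.0.x line below 3.0.4.
def affected_rails?(version)
  v = Gem::Version.new(version)
  v < Gem::Version.new("2.3.11") ||
    (v >= Gem::Version.new("3.0.0") && v < Gem::Version.new("3.0.4"))
end

# Matches mail_to calls whose options request JavaScript encoding,
# in hash-rocket or Ruby 1.9 syntax, with a symbol or string value.
# Line-based, so a call split across several lines is not seen.
MAIL_TO_JS = /\bmail_to\b[^\n]*?(?::encode\s*=>|["']encode["']\s*=>|\bencode:)\s*(?::javascript\b|["']javascript["'])/

# sources: { path => file contents }. Returns one hash per flagged line.
def find_mail_to_js(sources, rails_version)
  return [] unless affected_rails?(rails_version)
  sources.flat_map do |file, text|
    text.each_line.with_index(1).select { |line, _| line =~ MAIL_TO_JS }
        .map { |line, no| { file: file, line: no, code: line.strip } }
  end
end

# Constructed sample templates (hypothetical paths and contents).
SAMPLE = {
  "app/views/users/show.html.erb" => <<~ERB,
    <h1><%= h @user.name %></h1>
    <%= mail_to @user.email, @user.name, :encode => :javascript %>
    <%= mail_to @user.email, @user.name, :encode => :hex %>
  ERB
  "app/views/contact/index.html.erb" => <<~ERB
    <%= mail_to params[:to], "Contact", encode: "javascript" %>
    <%= mail_to "help@example.com" %>
  ERB
}

if __FILE__ == $PROGRAM_NAME
  find_mail_to_js(SAMPLE, "3.0.3").each do |w|
    puts "#{w[:file]}:#{w[:line]}: #{w[:code]}"
  end
end
```

Calls using :encode => :hex or no encoding are not flagged, and nothing is reported once the application is on Rails 2.3.11 or 3.0.4, the first versions outside the range this check targets.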
