Cross Site Scripting: link_to HREF
Even though Rails will escape the link provided to
Brakeman will warn if user values are used to provide the HREF value in
link_to or if they are interpolated at the beginning of a string.
The --url-safe-methods option can be used to specify methods which make URLs safe.
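One way to write a method suitable for --url-safe-methods, shown as an added example that is not code from Brakeman or Rails. The helper name safe_url, the http/https allowlist and the "#" fallback are assumptions made for illustration, and the sample inputs are constructed.

```ruby
require "uri"

# Pattern Brakeman reports (user value supplies the HREF):
#   link_to "Website", params[:url]
# Same call routed through the helper below:
#   link_to "Website", safe_url(params[:url])
# Telling Brakeman the helper makes URLs safe:
#   brakeman --url-safe-methods safe_url

# Assumption: only absolute http/https URLs are acceptable link targets.
ALLOWED_SCHEMES = %w[http https].freeze

# Hypothetical helper: returns the URL unchanged when it parses as an
# absolute http(s) URL with a host, otherwise returns the fallback.
def safe_url(value, fallback: "#")
  candidate = value.to_s.strip
  uri = URI.parse(candidate)

  # Allowlist the scheme instead of blocklisting known-bad ones, so any
  # scheme not listed (or no scheme at all) is rejected.
  return fallback unless ALLOWED_SCHEMES.include?(uri.scheme&.downcase)
  return fallback if uri.host.nil? || uri.host.empty?

  uri.to_s
rescue URI::InvalidURIError
  # Unparseable input (embedded whitespace, control characters, ...) is
  # treated the same as a disallowed scheme.
  fallback
end

# Constructed sample inputs showing accepted and rejected values.
if __FILE__ == $PROGRAM_NAME
  [
    "https://example.com/profile?id=7",
    "javascript:void(0)",
    " JaVaScRiPt:void(0)",
    "/relative/path",
    nil
  ].each { |input| puts "#{input.inspect} -> #{safe_url(input).inspect}" }
end
```

Relative paths are rejected here because the helper only accepts absolute URLs; an application that links to its own paths would need a separate, equally strict branch for them.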
See here for more details.