We are sunsetting Hakiri on January 31 2022. To learn more please refer to this document.

Discovered almost 5 years ago
Source: static code analysis
Category: Cross-Site Scripting
Confidence level: Weak

Problem

Unescaped parameter value

Location

app/views/topics/show.html.erb:90

crawlable_meta_data(:title => TopicView.new(params[:topic_id]).title, :description => TopicView.new(params[:topic_id]).summary, :image => TopicView.new(params[:topic_id]).image_url, :read_time => TopicView.new(params[:topic_id]).read_time, :like_count => TopicView.new(params[:topic_id]).like_count)

Category description: XSS occurs when a user-manipulatable value is displayed on a web page without escaping it, allowing someone to inject Javascript or HTML into the page.

Solution: fix the issue in app/views/topics/show.html.erb or mark it as false positive.