Discovered 11 months ago
Source: static code analysis
Category: Cross-Site Scripting
Confidence level: Medium


Unsafe parameter value in link_to href



link_to(find_routable!(User, params[:username]).short_website_url, find_routable!(User, params[:username]).full_website_url, :class => "text-link", :target => "_blank", :rel => "me noopener noreferrer nofollow", :itemprop => "url")

Category description: XSS occurs when a user-manipulatable value is displayed on a web page without escaping it, allowing someone to inject JavaScript or HTML into the page. For this check the escaping is not the problem: link_to HTML-escapes the href attribute, but it does not validate the URL scheme, so a stored value such as javascript:alert(1) is emitted unchanged and runs when the link is clicked. Here the value is not params[:username] itself but the full_website_url attribute of the User record looked up from it, which is why the confidence is Medium rather than High.

Solution: fix the issue in app/views/users/show.html.haml or mark it as a false positive. To decide which, check how User#full_website_url builds its value: if it guarantees an absolute http or https URL (for example by prepending a scheme and rejecting anything else at write time), the finding is a false positive; if it passes a user-supplied string through, validate the scheme before handing it to link_to and fall back to plain text when it is not http(s).
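The following is an added illustration, not code from the scanned application: it mirrors what link_to does to the href (attribute escaping only), shows that a javascript: URL survives that escaping, and contrasts it with a scheme-validating helper. The helper names (safe_website_url, naive_profile_link, hardened_profile_link) and the sample URLs are assumptions made for the example; it uses only the Ruby standard library so it runs without Rails.

```ruby
require "uri"
require "erb"

# Schemes a profile website link may use. Everything else (javascript:,
# data:, vbscript:, scheme-relative "//host" tricks) is rejected.
SAFE_SCHEMES = %w[http https].freeze

# Hypothetical validator: return the URL only if it parses as an absolute
# http(s) URL with a host, otherwise nil. Whitespace is stripped first so a
# leading space cannot hide the scheme; control characters make URI.parse
# raise, which is treated as "not safe".
def safe_website_url(url)
  return nil if url.nil? || url.strip.empty?

  uri = URI.parse(url.strip)
  return nil unless SAFE_SCHEMES.include?(uri.scheme&.downcase)
  return nil if uri.host.nil? || uri.host.empty?

  uri.to_s
rescue URI::InvalidURIError
  nil
end

# Mirrors what Rails' link_to does with the href: it HTML-escapes the
# attribute value, nothing more. The scheme is passed through untouched.
def naive_profile_link(text, url)
  href = ERB::Util.html_escape(url)
  label = ERB::Util.html_escape(text)
  %(<a href="#{href}" class="text-link" target="_blank" rel="me noopener noreferrer nofollow" itemprop="url">#{label}</a>)
end

# Hardened form: only render an anchor when the URL passed validation,
# otherwise degrade to escaped plain text so the page still shows the value.
def hardened_profile_link(text, url)
  safe = safe_website_url(url)
  return ERB::Util.html_escape(text) if safe.nil?

  naive_profile_link(text, safe)
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample values standing in for User#full_website_url.
  ["https://example.com/me", "javascript:alert(1)", "//evil.example/", "JAVASCRIPT:alert(1)"].each do |url|
    puts "naive:    #{naive_profile_link("my site", url)}"
    puts "hardened: #{hardened_profile_link("my site", url)}"
  end
end
```

The naive output for the second sample shows the point of the finding: the anchor is syntactically valid HTML, nothing in it needed escaping, and the browser will still execute the javascript: URL on click. In the real view the validation belongs in the model (so the attribute can never hold an unsafe scheme) rather than in the template, which also lets the finding be marked as a false positive with justification.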