Discovered 11 months ago
Source: static code analysis
Category: Cross-Site Scripting
Confidence level: Weak


Unescaped model attribute



(_("Last repository check (%{last_check_timestamp}) failed. See the 'repocheck.log' file for error messages.") % { :last_check_timestamp => time_ago_with_tooltip(Project.find_by_full_path([params[:namespace_id], "/", params[:id]].join("")).last_repository_check_at) })

Category description: XSS occurs when a user-manipulatable value is displayed on a web page without escaping it, allowing someone to inject Javascript or HTML into the page.

Solution: fix the issue in app/views/admin/projects/show.html.haml or mark it as false positive.