Discovered 11 months ago
Source: static code analysis
Category: Cross-Site Scripting
Confidence level: Weak


Unescaped model attribute



(_("This repository was last checked %{last_check_timestamp}. The check %{strong_start}failed.%{strong_end} See the 'repocheck.log' file for error messages.") % { :last_check_timestamp => Project.find_by_full_path([params[:namespace_id], "/", params[:id]].join("")).last_repository_check_at.to_s(:medium), :strong_start => "<strong class='cred'>", :strong_end => "</strong>" })

Category description: XSS occurs when a user-manipulatable value is displayed on a web page without escaping it, allowing someone to inject Javascript or HTML into the page.

Solution: fix the issue in app/views/admin/projects/show.html.haml or mark it as false positive.