Discovered 8 months ago
Source: static code analysis
Category: Cross-Site Scripting
Confidence level: Medium

Problem

Unsafe model attribute in link_to href

Location

app/views/invites/show.html.haml:12

link_to(({ :name => Project.full_name, :url => project_url(Project), :title => _("project"), :path => project_path(Project) } or { :name => Group.name, :url => group_url(Group), :title => _("group"), :path => group_path(Group) })[:name], ({ :name => Project.full_name, :url => project_url(Project), :title => _("project"), :path => project_path(Project) } or { :name => Group.name, :url => group_url(Group), :title => _("group"), :path => group_path(Group) })[:url])

Category description: XSS occurs when a user-manipulatable value is displayed on a web page without being escaped, allowing someone to inject JavaScript or HTML into the page.

Solution: fix the issue in app/views/invites/show.html.haml or mark it as a false positive.