Discovered 9 months ago
Source: static code analysis
Category: Cross-Site Scripting
Confidence level: Weak

Problem

Unescaped parameter value

Location

app/views/shared/hook_logs/_content.html.haml:44

hook.web_hook_logs.find(params[:id]).response_body

Category description: XSS occurs when a user-manipulatable value is displayed on a web page without escaping it, allowing someone to inject Javascript or HTML into the page.

Solution: fix the issue in app/views/shared/hook_logs/_content.html.haml or mark it as false positive.