API Particulier: add direct link to public page within reporters emails #30
reviewdog [brakeman] report
reported by reviewdog 🐶
Findings (0)
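Filtered Findings (8) — warnings Brakeman raised that reviewdog did not post as review comments, presumably because they fall outside the part of the diff selected by its filter mode. Being filtered does not mean they were triaged. The trailing "Weak" on each entry is Brakeman's confidence level.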
app/views/shared/authorization_requests/_header.html.erb|23| Cross-Site Scripting Template Unescaped model attribute near line 23: t("shared.links.to_datapass", :external_id => MagicLink.find_by(:access_token => magic_token_show_params[:access_token]).token.decorate.authorization_request.external_id) Weak
app/views/shared/authorization_requests/index.html.erb|11| Cross-Site Scripting Template Unescaped model attribute near line 11: t(".title", :api_label => t(".#{current_user.authorization_requests.where(:api => api).submitted_at_least_once.viewable_by_users.order(:first_submitted_at => :desc).includes(:active_token).first.api}"), :count => current_user.authorization_requests.where(:api => api).submitted_at_least_once.viewable_by_users.order(:first_submitted_at => :desc).includes(:active_token).count) Weak
app/views/shared/tokens/ask_for_prolongation.html.erb|9| Cross-Site Scripting Template Unescaped model attribute near line 9: t(".description", :demandeur => current_user.tokens.find(params[:id]).decorate.demandeur.full_name, :token_id => current_user.tokens.find(params[:id]).decorate.id, :remaining_time => distance_of_time_in_words(Time.zone.now, current_user.tokens.find(params[:id]).decorate.end_timestamp)) Weak
app/views/shared/tokens/ask_for_prolongation.html.erb|15| Cross-Site Scripting Template Unescaped model attribute near line 15: t(".demandeur", :demandeur => current_user.tokens.find(params[:id]).decorate.demandeur.full_name) Weak
app/views/shared/tokens/cannot_show.html.erb|9| Cross-Site Scripting Template Unescaped model attribute near line 9: t(".description", :demandeur => current_user.tokens.find(params[:id]).decorate.demandeur.full_name, :token_id => current_user.tokens.find(params[:id]).decorate.id, :remaining_time => distance_of_time_in_words(Time.zone.now, current_user.tokens.find(params[:id]).decorate.end_timestamp)) Weak
app/views/shared/tokens/cannot_show.html.erb|15| Cross-Site Scripting Template Unescaped model attribute near line 15: t(".demandeur", :demandeur => current_user.tokens.find(params[:id]).decorate.demandeur.full_name) Weak
app/views/shared/tokens/cannot_show.html.erb|22| Cross-Site Scripting Template Unescaped model attribute near line 22: t(".contact_technique", :contact_technique => current_user.tokens.find(params[:id]).decorate.authorization_request.contact_technique.full_name) Weak
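app/views/shared/tokens/prolong.html.erb|15| Cross-Site Scripting Template Unescaped model attribute near line 15: t(".description", :link_to_datapass => link_to(t("shared.links.to_datapass", :external_id => current_user.tokens.find(params[:id]).decorate.authorization_request.external_id).html_safe, datapass_authorization_request_url(current_user.tokens.find(params[:id]).decorate.authorization_request), :id => :authorization_request_link, :class => (["fr-link"]), :target => "_blank"), :remaining_time => distance_of_time_in_words(Time.zone.now, current_user.tokens.find(params[:id]).decorate.end_timestamp)) Weak
Note: this is the one finding whose reported expression shows an explicit `.html_safe`, applied to a translation that interpolates `external_id`, so that value reaches the page without escaping. Confirm that `external_id` can only hold a constrained value (for example a numeric id), or render the text through a translation key ending in `_html` so that Rails escapes the interpolated arguments.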