You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Is your feature request related to a problem? Please describe.
Brakeman currently does not analyze HTML email templates for HTML injection vulnerabilities. As a result, potential security issues in mailer views may go undetected. I propose extending Brakeman’s coverage to include mailer templates, scanning them for common HTML injection issues.
Describe the solution you’d like
Brakeman should flag unsafe code patterns in mailer templates with appropriate warnings - similar to how it handles views rendered by ActionController. For example, the following should raise a warning when found in an email template:
Describe alternatives you’ve considered
One workaround is to render HTML mailer templates through ActionController, allowing Brakeman to pick them up via its existing view analysis. However, this is more of a workaround than a long-term solution and may introduce unintended behavior.
Additional context
I'd be happy to help implement this feature if there’s broader interest in adding support for mailer template checks in Brakeman.
The text was updated successfully, but these errors were encountered:
Is your feature request related to a problem? Please describe.
Brakeman currently does not analyze HTML email templates for HTML injection vulnerabilities. As a result, potential security issues in mailer views may go undetected. I propose extending Brakeman’s coverage to include mailer templates, scanning them for common HTML injection issues.
Describe the solution you’d like
Brakeman should flag unsafe code patterns in mailer templates with appropriate warnings - similar to how it handles views rendered by
ActionController. For example, the following should raise a warning when found in an email template:Describe alternatives you’ve considered
One workaround is to render HTML mailer templates through
ActionController, allowing Brakeman to pick them up via its existing view analysis. However, this is more of a workaround than a long-term solution and may introduce unintended behavior.Additional context
I'd be happy to help implement this feature if there’s broader interest in adding support for mailer template checks in Brakeman.
The text was updated successfully, but these errors were encountered: