Class: Simplabs::Excellent::Checks::Rails::ParamsHashInViewCheck
- Defined in: lib/simplabs/excellent/checks/rails/params_hash_in_view_check.rb
Overview
This check reports views (and partials) that access the params hash. Accessing the params hash directly in views can result in security problems if the value is printed to the HTML output. It is also a bad habit in general, because it circumvents the controller, which is the part of the application that is responsible for dealing with parameters.
Applies to
- partials and regular views
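A simplified, stand-alone version of the idea behind this check, as an added example that is not Excellent's own code: it lexes the Ruby inside ERB tags with the standard library's Ripper and reports every `params` reference, marking those in output tags (`<%= %>`), where the value is printed to the HTML output. The names `params_uses_in_view`, `ERB_TAG`, `SKIPPED_TOKENS` and both sample views are assumptions made for illustration.

```ruby
require 'ripper'

# ERB tags: group 1 is "=" for output tags, group 2 is the embedded Ruby.
# Comment tags (<%# %>) and the literal "<%%" are skipped.
ERB_TAG = /<%(?!%|#)(=|-)?(.*?)-?%>/m
SKIPPED_TOKENS = %i[on_sp on_nl on_ignored_nl].freeze

# Returns one finding per `params` reference in the Ruby parts of a view.
# :printed is true when the reference sits in an output tag (<%= ... %>).
def params_uses_in_view(source)
  findings = []
  source.scan(ERB_TAG) do
    tag = Regexp.last_match
    tag_line = source[0...tag.begin(0)].count("\n") + 1
    tokens = Ripper.lex(tag[2]).reject { |t| SKIPPED_TOKENS.include?(t[1]) }
    tokens.each_with_index do |(pos, type, text), i|
      next unless type == :on_ident && text == 'params'
      # Skip `obj.params` and the symbol `:params`; neither is the request hash.
      before = i.zero? ? nil : tokens[i - 1][1]
      next if %i[on_period on_symbeg].include?(before)
      findings << { line: tag_line + pos[0] - 1, printed: tag[1] == '=' }
    end
  end
  findings
end

# Constructed sample views, not taken from any real application.
FLAGGED_VIEW = <<~VIEW
  <h1>Search</h1>
  <p>Results for <%= params[:q] %></p>
  <% if params[:page] %>
    <p>Page <%= @page %></p>
  <% end %>
VIEW

CLEAN_VIEW = <<~VIEW
  <%# the controller copied the query into @query %>
  <p>Results for <%= @query %></p>
  <p>Filter: <%= @filter[:params] %></p>
VIEW

if __FILE__ == $PROGRAM_NAME
  params_uses_in_view(FLAGGED_VIEW).each do |f|
    puts "line #{f[:line]}: params hash used in view#{' (printed to output)' if f[:printed]}"
  end
end
```

This sketch works on lexer tokens, whereas the check documented here registers interest in `:call` nodes, so the two can differ on unusual syntax.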
Instance Attribute Summary
Attributes inherited from Base
#interesting_files, #interesting_nodes, #warnings
Instance Method Summary
- #evaluate(context) ⇒ Object
  :nodoc:.
- #initialize ⇒ ParamsHashInViewCheck (constructor)
  :nodoc:.
Methods inherited from Base
#add_warning, #evaluate_node, #warnings_for
Constructor Details
#initialize ⇒ ParamsHashInViewCheck
:nodoc:
    # File 'lib/simplabs/excellent/checks/rails/params_hash_in_view_check.rb', line 20
    def initialize #:nodoc:
      super
      @interesting_nodes = [:call]
      @interesting_files = [/^.*\.(erb|rhtml)$/]
    end
Instance Method Details
#evaluate(context) ⇒ Object
:nodoc:
    # File 'lib/simplabs/excellent/checks/rails/params_hash_in_view_check.rb', line 26
    def evaluate(context) #:nodoc:
      add_warning(context, 'Params hash used in view.') if (context.full_name == 'params')
    end