Added note for brakeman false positive warnings (closes #243) [ci-skip]

ddnexus · Mar 16, 2021 · b24b86d · b24b86d
1 parent df3c8d6
commit b24b86d
Showing 1 changed file with 7 additions and 1 deletion.
diff --git a/docs/how-to.md b/docs/how-to.md
@@ -58,7 +58,7 @@ This page contains the practical tips and examples to get the job done with Pagy
             - with a fast helper (also styled for  [bootstrap](extras/bootstrap.md), [bulma](extras/bulma.md), [foundation](extras/foundation.md), [materialize](extras/materialize.md), [semantic](extras/semantic.md), [uikit](extras/uikit.md) and available in different flavors (static, responsive, compact, etc.)
 
                 ```erb
-                <%# Note the double equals sign "==" which marks the output as trusted and html safe: %>                
+                <%# Note the double equals sign "==" which marks the output as trusted and html safe: %>
                 <%== pagy_nav(@pagy) %>
                 ```
             - or with an easy customizable template:
@@ -620,6 +620,12 @@ end
 
 but it would be quite an overkill if you plan to install it only for this purpose.
 
+## Ignoring Brakeman UnescapedOutputs false postives warnings
+
+Pagy output html safe HTML, however, being an agnostic pagination gem it does not use the specific `html_safe` rails helper on its output. That is noted by the [Brakeman](https://github.com/presidentbeef/brakeman) gem, that will raise a warning.
+
+You can avoid the warning adding it to the `brakeman.ignore` file. More details [here](https://github.com/ddnexus/pagy/issues/243) and [here](https://github.com/presidentbeef/brakeman/issues/1519).
+
 ## Handling Pagy::OverflowError exceptions
 
 Pass an overflowing `:page` number and Pagy will raise a `Pagy::OverflowError` exception.