From b24b86d7d527f3d409a983950b6891eaf0b9de0e Mon Sep 17 00:00:00 2001 From: Domizio Demichelis Date: Tue, 16 Mar 2021 11:19:24 +0700 Subject: [PATCH] Added note for brakeman false positive warnings (closes #243) [ci-skip] --- docs/how-to.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/docs/how-to.md b/docs/how-to.md index d648be3f6..3bb5d91b5 100644 --- a/docs/how-to.md +++ b/docs/how-to.md @@ -58,7 +58,7 @@ This page contains the practical tips and examples to get the job done with Pagy - with a fast helper (also styled for [bootstrap](extras/bootstrap.md), [bulma](extras/bulma.md), [foundation](extras/foundation.md), [materialize](extras/materialize.md), [semantic](extras/semantic.md), [uikit](extras/uikit.md) and available in different flavors (static, responsive, compact, etc.) ```erb - <%# Note the double equals sign "==" which marks the output as trusted and html safe: %> + <%# Note the double equals sign "==" which marks the output as trusted and html safe: %> <%== pagy_nav(@pagy) %> ``` - or with an easy customizable template: @@ -620,6 +620,12 @@ end but it would be quite an overkill if you plan to install it only for this purpose. +## Ignoring Brakeman UnescapedOutputs false postives warnings + +Pagy output html safe HTML, however, being an agnostic pagination gem it does not use the specific `html_safe` rails helper on its output. That is noted by the [Brakeman](https://github.com/presidentbeef/brakeman) gem, that will raise a warning. + +You can avoid the warning adding it to the `brakeman.ignore` file. More details [here](https://github.com/ddnexus/pagy/issues/243) and [here](https://github.com/presidentbeef/brakeman/issues/1519). + ## Handling Pagy::OverflowError exceptions Pass an overflowing `:page` number and Pagy will raise a `Pagy::OverflowError` exception.
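Review bot: In the first hunk (`@@ -58,7 +58,7 @@`), the removed and added `<%# Note the double equals sign "==" ... %>` lines read the same, so this looks like a whitespace-only change that the commit subject does not mention. Either drop it from this commit or note it in the message. If the line is touched anyway, consider pointing from this comment to the new Brakeman section, since the `<%== pagy_nav(@pagy) %>` call below it is the kind of unescaped output the new section is about.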
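Review bot: In the second hunk (`@@ -620,6 +620,12 @@`), the new section tells readers to suppress a security scanner warning but does not say how narrowly to do so. "You can avoid the warning adding it to the `brakeman.ignore` file" should make clear that only the specific warnings raised for Pagy helper output are to be ignored, not the whole unescaped-output check, and should say how an entry is added rather than leaving that to the two "here" links. It would also help to state briefly why the output is safe to emit unescaped, since "Pagy output html safe HTML" is an assertion the reader is asked to trust. Wording fixes in the same lines: "false postives warnings" in the heading should be "false positive warnings", "Pagy output html safe HTML" should be "Pagy outputs HTML-safe markup", "avoid the warning adding it" should be "avoid the warning by adding it", and the links should get descriptive text (for example the Pagy issue #243 and the Brakeman issue #1519) instead of "here".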