Feedback page (#1160)

* Add feedback page * Only show latest release on changelog * Constrain changelog height * Ignore sanitization warning for Github content * Add cassette for Github release notes * Lint fix
2025-08-02 20:15:22 +02:00 · 2024-09-09 16:54:56 -04:00 · 2024-09-09 16:54:56 -04:00 · eebc07d75e
commit eebc07d75e
parent c30c1b9698
10 changed files with 310 additions and 37 deletions
--- a/config/brakeman.ignore
+++ b/config/brakeman.ignore
@ -23,6 +23,40 @@
      ],
      "note": ""
    },
+    {
+      "warning_type": "Cross-Site Scripting",
+      "warning_code": 2,
+      "fingerprint": "b1f821a5c03b8aa348fb21b9297081a3bf9e954244290e7e511c67213d35f3dc",
+      "check_name": "CrossSiteScripting",
+      "message": "Unescaped model attribute",
+      "file": "app/views/pages/changelog.html.erb",
+      "line": 22,
+      "link": "https://brakemanscanner.org/docs/warning_types/cross_site_scripting",
+      "code": "Provider::Github.new.fetch_latest_release_notes[:body]",
+      "render_path": [
+        {
+          "type": "controller",
+          "class": "PagesController",
+          "method": "changelog",
+          "line": 35,
+          "file": "app/controllers/pages_controller.rb",
+          "rendered": {
+            "name": "pages/changelog",
+            "file": "app/views/pages/changelog.html.erb"
+          }
+        }
+      ],
+      "location": {
+        "type": "template",
+        "template": "pages/changelog"
+      },
+      "user_input": null,
+      "confidence": "High",
+      "cwe_id": [
+        79
+      ],
+      "note": ""
+    },
    {
      "warning_type": "Dynamic Render Path",
      "warning_code": 15,
@ -58,6 +92,6 @@
      "note": ""
    }
  ],
-  "updated": "2024-08-23 08:29:05 -0400",
+  "updated": "2024-09-09 14:56:48 -0400",
  "brakeman_version": "6.2.1"
 }