Brakeman 警告动态渲染路径
Brakeman Warning Dynamic Render Path
我有代码。
users_controller.rb
def show
@user = User.find_by id: params[:id]
@microposts = @user.microposts.order_micropost.paginate(page: params[:page], per_page: 5)
end
和view/user/show.html.erb
<% provide :title, @user.name %>
<div class="row">
<aside class="col-md-4">
<section class="user-info">
<h1>
<%= gravatar_for @user %>
<%= @user.name %>
</h1>
</section>
</aside>
<div class="col-md-8">
<% if @user.microposts.any? %>
<h3><%= t ".count_microposts", count: @user.microposts.count %></h3>
<ol class="microposts">
<%= render @microposts %>
</ol>
<%= will_paginate @microposts %>
<% end %>
</div>
</div>
在micropost/_micropost.html.erb
<li id="micropost-<%= micropost.id %>">
<span class="user">
<%= link_to micropost.user.name, micropost.user %>
</span>
<span class="content">
<%= micropost.content %>
<%= image_tag micropost.picture.url if micropost.picture? %>
</span>
<span class="timestamp">
<span class="timeago" title=<%= micropost.created_at %>></span>
<% if current_user.current_user?(micropost.user) %>
<%= link_to t(".delete"), micropost, method: :delete,
data: { confirm: t(".confirm") } %>
<% end %>
</span>
</li>
我 brakenman 警告动态渲染路径,并突出显示 <%= render @microposts %>。我怎样才能修复它以通过 brakenman?
这是准确的错误:
Render path contains parameter value near line 15: render(action => User.find_by(:id => params[:id]).microposts.order_micropost.paginate(:page => params[:page]), {})
这是brakeman的一个已知问题,如果你只是想让代码通过brakeman,你可以将<%= render @microposts %>更改为<%= render partial: 'micropost', :collection => @microposts %>。
在我的例子中不需要 partial 和 collection,我从:
render @attendance
至
render "attendances/attendance", attendance: @attendance
我有代码。
users_controller.rb
def show
@user = User.find_by id: params[:id]
@microposts = @user.microposts.order_micropost.paginate(page: params[:page], per_page: 5)
end
和view/user/show.html.erb
<% provide :title, @user.name %>
<div class="row">
<aside class="col-md-4">
<section class="user-info">
<h1>
<%= gravatar_for @user %>
<%= @user.name %>
</h1>
</section>
</aside>
<div class="col-md-8">
<% if @user.microposts.any? %>
<h3><%= t ".count_microposts", count: @user.microposts.count %></h3>
<ol class="microposts">
<%= render @microposts %>
</ol>
<%= will_paginate @microposts %>
<% end %>
</div>
</div>
在micropost/_micropost.html.erb
<li id="micropost-<%= micropost.id %>">
<span class="user">
<%= link_to micropost.user.name, micropost.user %>
</span>
<span class="content">
<%= micropost.content %>
<%= image_tag micropost.picture.url if micropost.picture? %>
</span>
<span class="timestamp">
<span class="timeago" title=<%= micropost.created_at %>></span>
<% if current_user.current_user?(micropost.user) %>
<%= link_to t(".delete"), micropost, method: :delete,
data: { confirm: t(".confirm") } %>
<% end %>
</span>
</li>
我 brakenman 警告动态渲染路径,并突出显示 <%= render @microposts %>。我怎样才能修复它以通过 brakenman?
这是准确的错误:
Render path contains parameter value near line 15: render(action => User.find_by(:id => params[:id]).microposts.order_micropost.paginate(:page => params[:page]), {})
这是brakeman的一个已知问题,如果你只是想让代码通过brakeman,你可以将<%= render @microposts %>更改为<%= render partial: 'micropost', :collection => @microposts %>。
在我的例子中不需要 partial 和 collection,我从:
render @attendance
至
render "attendances/attendance", attendance: @attendance