Interesting! Thanks for the find - I'll need to dig a bit deeper into this feature add, because existing .heex support like you linked is all based around reading entire template files and not strings within .ex files. Therefore it wouldn't be simply a matter of adjusting the existing rule, but more than likely creating a brand new rule or revamping the existing one to also consider .ex files with ~H"...".
To be honest, I'm also not sure Sobelow currently identifies / pulls out sigils in any sort of way - so I would need to look into that before confirming how difficult an adjustment this is. But this is still a great callout to improve detections!
While `sobelow` analyses `.heex` templates, it seems it ignores completely HEEX templates using `~H"..."`. For some tests, in particular XSS, this is a critical issue.
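The step discussed in this thread, pulling `~H"..."` templates out of `.ex` files so they can be checked, sketched as an added example that is not part of the original issue or of Sobelow's code: it parses the source with `Code.string_to_quoted/1` and collects the `:sigil_H` nodes. The module name `HSigilScan`, the sample component, and the `raw(` heuristic standing in for an XSS check are assumptions.

```elixir
defmodule HSigilScan do
  @moduledoc """
  Added example (not Sobelow code): find H sigils in .ex source and flag
  templates that call raw/1, as a simple stand-in for an XSS check.
  """

  # Parse Elixir source and return [{line, template_text}] for every ~H sigil.
  def extract(source) do
    {:ok, ast} = Code.string_to_quoted(source)

    {_ast, found} =
      Macro.prewalk(ast, [], fn
        # Both the single-line and heredoc forms parse to a :sigil_H call whose
        # first argument is a binary node holding the literal template text.
        {:sigil_H, meta, [{:<<>>, _, parts}, _mods]} = node, acc ->
          text = parts |> Enum.filter(&is_binary/1) |> Enum.join()
          {node, [{meta[:line], text} | acc]}

        node, acc ->
          {node, acc}
      end)

    Enum.reverse(found)
  end

  # Heuristic (assumption): report the line of each template containing raw(...).
  def findings(source) do
    for {line, text} <- extract(source), text =~ ~r/\braw\s*\(/, do: line
  end
end

# Constructed sample input, written the way a component appears in a .ex file.
sample = ~S'''
defmodule DemoWeb.Card do
  use Phoenix.Component

  def safe(assigns) do
    ~H"<p><%= @bio %></p>"
  end

  def unsafe(assigns) do
    ~H"""
    <div><%= raw(@bio) %></div>
    """
  end
end
'''

IO.inspect(HSigilScan.findings(sample), label: "lines with raw/1 inside ~H")
```

Because the source is parsed rather than compiled, `use Phoenix.Component` is never expanded and the scan runs without Phoenix installed.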