brakeman is throwing Unescaped model attribute


I have some code in an ERB file like this

<% unless (rem_cust = RemCust.find_by_acc_id(curr_acc.id)) %>
<% else %>
<p><%= t("translate", :del => formated_date(2.days.since(rem_cust.created_at), {:format => :short_day_with_week, :include_year => true})).html_safe %></p>
<% end %>

When I run brakeman I get a warning like "Unescaped model attribute" and the type is "Cross-Site Scripting".

I tried to add ERB::Util.html_escape(rem_cust.created_at) but that didn't make the warning go away. I believe it must have something to do with the earlier line.

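The warning is about the order of operations in that line: the model-derived value is interpolated into the translation first, and only then is the whole string marked safe with `.html_safe`, so Brakeman sees model data reaching the browser without escaping. Escaping `rem_cust.created_at` on its own does not change that flow. The added example below (not code from the question or from Brakeman) is a plain-Ruby simulation of the two orders of operations; `SafeString`, `TRANSLATIONS`, `render_unsafe` and `render_safe` are hypothetical names that stand in for Rails' `SafeBuffer`, the locale file and the view helper, and the `<script>` input is a constructed stand-in for any untrusted value that could flow into the template.

```ruby
require "erb"

# Minimal stand-in for Rails' ActiveSupport::SafeBuffer: a String that
# reports itself as safe for raw output. (Assumption: not Rails code.)
class SafeString < String
  def html_safe?
    true
  end
end

# Constructed sample translation with markup in it, like a real locale entry.
TRANSLATIONS = {
  "reminder" => "Your reminder will be deleted on <strong>%{del}</strong>"
}.freeze

# Vulnerable order: interpolate the value, then mark the whole result safe.
# Whatever is in `del` reaches the browser unescaped. This is the shape of
# `t("translate", :del => ...).html_safe` in the question.
def render_unsafe(del)
  SafeString.new(TRANSLATIONS["reminder"] % { del: del })
end

# Hardened order: escape every interpolation value first, then mark only the
# assembled string safe. This is what Rails does for keys ending in `_html`.
def render_safe(del)
  escaped = { del: ERB::Util.html_escape(del.to_s) }
  SafeString.new(TRANSLATIONS["reminder"] % escaped)
end

if __FILE__ == $PROGRAM_NAME
  payload = "<script>alert(1)</script>"
  puts render_unsafe(payload) # markup from the value survives intact
  puts render_safe(payload)   # value is escaped, template markup is kept
end
```

In the view, the equivalent change is either to escape the formatted date inside the `t` call and only then call `.html_safe`, or to rename the key so it ends in `_html`, in which case `t` escapes the interpolations and marks the result safe itself and the explicit `.html_safe` can be dropped.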