From 3a6ee2ea987918505db3eb6a88e7e4b7b4131ce4 Mon Sep 17 00:00:00 2001
From: sto
Date: Wed, 3 Dec 2025 15:29:34 +0100
Subject: [PATCH] Add QR codes inline HTML in Brakeman ignore list

https://gitea.puzzle-scoreboard.org/sto/puzzle-scoreboard/issues/18
---
 config/brakeman.ignore | 73 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 73 insertions(+)
 create mode 100644 config/brakeman.ignore

diff --git a/config/brakeman.ignore b/config/brakeman.ignore
new file mode 100644
index 0000000..fa2df39
--- /dev/null
+++ b/config/brakeman.ignore
@@ -0,0 +1,73 @@
+{
+ "ignored_warnings": [
+ {
+ "warning_type": "Cross-Site Scripting",
+ "warning_code": 2,
+ "fingerprint": "00462a5825f8e46fe0b5167b1c822296cb5d8443117790a04966ba059a260f2b",
+ "check_name": "CrossSiteScripting",
+ "message": "Unescaped model attribute",
+ "file": "app/views/contestants/generate_qrcodes.html.slim",
+ "line": 20,
+ "link": "https://brakemanscanner.org/docs/warning_types/cross_site_scripting",
+ "code": "Contest.find(params[:contest_id]).contestants.sort_by do\n contestant.name\n end[((row * 4) + col)].qrcode",
+ "render_path": [
+ {
+ "type": "controller",
+ "class": "ContestantsController",
+ "method": "generate_qrcodes",
+ "line": 126,
+ "file": "app/controllers/contestants_controller.rb",
+ "rendered": {
+ "name": "contestants/generate_qrcodes",
+ "file": "app/views/contestants/generate_qrcodes.html.slim"
+ }
+ }
+ ],
+ "location": {
+ "type": "template",
+ "template": "contestants/generate_qrcodes"
+ },
+ "user_input": "Contest.find(params[:contest_id]).contestants",
+ "confidence": "Weak",
+ "cwe_id": [
+ 79
+ ],
+ "note": "SVG HTML code is generated by the app"
+ },
+ {
+ "warning_type": "Cross-Site Scripting",
+ "warning_code": 2,
+ "fingerprint": "d17a497a9b261007930226914a64e99d6f6237c99cc1c33c88745e1341ac4fb7",
+ "check_name": "CrossSiteScripting",
+ "message": "Unescaped model attribute",
+ "file": "app/views/contestants/generate_qrcodes_pdf.html.slim",
+ "line": 11,
+ "link": "https://brakemanscanner.org/docs/warning_types/cross_site_scripting",
+ "code": "Contest.find(params[:contest_id]).contestants.sort_by do\n contestant.name\n end[((row * 4) + col)].qrcode",
+ "render_path": [
+ {
+ "type": "controller",
+ "class": "ContestantsController",
+ "method": "generate_qrcodes_pdf",
+ "line": 135,
+ "file": "app/controllers/contestants_controller.rb",
+ "rendered": {
+ "name": "contestants/generate_qrcodes_pdf",
+ "file": "app/views/contestants/generate_qrcodes_pdf.html.slim"
+ }
+ }
+ ],
+ "location": {
+ "type": "template",
+ "template": "contestants/generate_qrcodes_pdf"
+ },
+ "user_input": "Contest.find(params[:contest_id]).contestants",
+ "confidence": "Weak",
+ "cwe_id": [
+ 79
+ ],
+ "note": "SVG HTML code is generated by the app"
+ }
+ ],
+ "brakeman_version": "7.1.1"
+}
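Review bot: The `note` on both ignored entries ("SVG HTML code is generated by the app") does not record why the unescaped output is safe, which is what a later reader of a suppressed CWE-79 finding needs. Brakeman reports `.qrcode` as a model attribute, so if that value is persisted rather than computed on each render, anything able to write it would reach the page unescaped; this diff does not show which is the case, so it should be confirmed before the warning is silenced. I would make the note name where the SVG is built and state that no contestant-supplied text is emitted as markup, e.g. `"note": "qrcode is SVG built server-side by <generator, fill in>; encodes only <payload, fill in>; not user-editable (confirmed in <model/file, fill in>)"`. The same wording change applies to the second entry for `generate_qrcodes_pdf.html.slim`.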