2
97%
main: 97%

Ran 23 Jun 2026 03:42AM UTC

Files 204

Run time 14s

Badge

Embed ▾

Committed 23 Jun 2026 03:40AM UTC coverage: 97.019% (+0.01%) from 97.005%

Job # 28000525549.2

Build Type

push

github

Committed by

web-flow

Commit Message

Add `UnescapedHtml` linter (#656)

Flag HAML's unescaped-output markers (`!=`, `!~`, and dynamic plain-text
`!`) at script and tag level. These bypass HTML escaping and make it easy
to introduce XSS holes when output includes user-controlled data.

Detection uses the source marker (anchored so the Ruby `!=` operator is
not flagged); only unescaped output of dynamic content is reported.
Enabled by default, detection only.

Co-authored-by: Shane da Silva <shane@dasilva.io>

Coverage Stats

6054 of 6240 relevant lines covered (97.02%)

321.86 hits per line

sds / haml-lint / 28000525549 / 2
97%
main: 97%

README BADGES
x

Markdown

Textile

RDoc

HTML

Rst

Source Files on job ruby3.3-haml7.2-ubuntu - 28000525549.2

sds / haml-lint / 28000525549 / 2 97% main: 97%

README BADGES x

Markdown

Textile

RDoc

HTML

Rst

Source Files on job ruby3.3-haml7.2-ubuntu - 28000525549.2

sds / haml-lint / 28000525549 / 2
97%
main: 97%

README BADGES
x