Hi, we run a static code analysis from GitHub using the “sonarsource/sonarqube-scan-action@master” GitHub Action, and send the report to an instance of SonarQube version 9.5.0.56709, on some apps, and it didn’t give us any advice that we use the “” attribute in some lines of code. Why can this happen?
I googled it and found this ticket from 2018, which seems to show that SonarQube really has this feature. Am I right?
Hi Ann, thanks for the fast response! It is not an issue; we only want to understand whether we can have an advice or a flag when the attribute in question, “dangerouslysetinnerHTML”, is in use in any code file of a project.
As I said before, we have some files in a project with this attribute, and SonarQube didn’t give us any advice to check whether it is implemented correctly.
Thanks for the explanation. This rule was never implemented. From what I see in Jira, it was specified at the end of January 2018, and then rejected (Closed/Won’t Fix) less than a month later. There are no comments, so it’s not clear to me why.
That’s why I’ve moved this thread to the ‘New rules / languages’ category, to register your FN report as a request for this rule to be resurrected and implemented.
As a side note, the RSpec repository in Jira has been deprecated for a couple of years now, and its contents have moved to (and are maintained in) GitHub (RSPEC).