diff options
| author | Michael Koziarski <michael@koziarski.com> | 2009-08-31 12:07:30 -0700 |
|---|---|---|
| committer | Michael Koziarski <michael@koziarski.com> | 2009-09-04 09:25:38 +1200 |
| commit | b16e0c922344da256ab977fd5e7a7f69e0be90fc (patch) | |
| tree | 6d92ec5c5a719dfe9a0803158d60fd1d97528c0d | |
| parent | 9a73630d935e360f3dc896e50dd673afb97cf3b5 (diff) | |
| download | rails-b16e0c922344da256ab977fd5e7a7f69e0be90fc.tar.gz rails-b16e0c922344da256ab977fd5e7a7f69e0be90fc.tar.bz2 rails-b16e0c922344da256ab977fd5e7a7f69e0be90fc.zip | |
Clean tag attributes before passing through the escape_once logic.
Addresses CVE-2009-3009
| -rw-r--r-- | actionpack/lib/action_view/helpers/tag_helper.rb | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/actionpack/lib/action_view/helpers/tag_helper.rb b/actionpack/lib/action_view/helpers/tag_helper.rb index ff5a2134ff..7fae0f6b8d 100644 --- a/actionpack/lib/action_view/helpers/tag_helper.rb +++ b/actionpack/lib/action_view/helpers/tag_helper.rb @@ -106,7 +106,7 @@ module ActionView # escape_once("<< Accept & Checkout") # # => "<< Accept & Checkout" def escape_once(html) - html.to_s.gsub(/[\"><]|&(?!([a-zA-Z]+|(#\d+));)/) { |special| ERB::Util::HTML_ESCAPE[special] } + ActiveSupport::Multibyte.clean(html.to_s).gsub(/[\"><]|&(?!([a-zA-Z]+|(#\d+));)/) { |special| ERB::Util::HTML_ESCAPE[special] } end private |