rails.git - Mirror of official rails repo with custom fixes.

diff options

author	Santiago Pastorino <santiago@wyeworks.com>	2012-07-31 22:25:54 -0300
committer	Rafael Mendonça França <rafaelmfranca@gmail.com>	2012-08-02 17:09:37 -0300
commit	2bdb4ec6ad9bb99ac0029fcb030ac757307d08ae (patch)
tree	70e5d9cf8bf64b73d60b4798828f8aa59a488236 /actionmailer
parent	96e92b616264c26a5c1c2a50f0495c119a869772 (diff)
download	rails-2bdb4ec6ad9bb99ac0029fcb030ac757307d08ae.tar.gz rails-2bdb4ec6ad9bb99ac0029fcb030ac757307d08ae.tar.bz2 rails-2bdb4ec6ad9bb99ac0029fcb030ac757307d08ae.zip

html_escape should escape single quotes

https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet#RULE_.231_-_HTML_Escape_Before_Inserting_Untrusted_Data_into_HTML_Element_Content Closes #7215 Conflicts: actionpack/test/template/erb_util_test.rb actionpack/test/template/form_tag_helper_test.rb actionpack/test/template/text_helper_test.rb actionpack/test/template/url_helper_test.rb activesupport/lib/active_support/core_ext/string/output_safety.rb

Diffstat (limited to 'actionmailer')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: