escape select_tag :prompt values

CVE-2012-3463
author: Santiago Pastorino <santiago@wyeworks.com> 2012-08-08 15:10:35 -0700
committer: Santiago Pastorino <santiago@wyeworks.com> 2012-08-09 15:48:17 -0300
commit: 6d0526db91afb0675c2ad3d871529d1536303c64 (patch)
tree: 81bff482a5ddd39587c738e6326c20e639eaa1d6 /actionpack/CHANGELOG.md
parent: 65b5e35e898ac09a50b61c671d98a3cf92453003 (diff)
download: rails-6d0526db91afb0675c2ad3d871529d1536303c64.tar.gz
rails-6d0526db91afb0675c2ad3d871529d1536303c64.tar.bz2
rails-6d0526db91afb0675c2ad3d871529d1536303c64.zip
1 files changed, 7 insertions, 0 deletions
diff --git a/actionpack/CHANGELOG.md b/actionpack/CHANGELOG.md
index c43ec62555..9c12e09392 100644
--- a/actionpack/CHANGELOG.md
+++ b/actionpack/CHANGELOG.md
@@ -1,5 +1,12 @@
 ## Rails 3.2.8 ##
 
+*   When a "prompt" value is supplied to the `select_tag` helper, the "prompt" value is not escaped.
+    If untrusted data is not escaped, and is supplied as the prompt value, there is a potential for XSS attacks.
+    Vulnerable code will look something like this:
+    select_tag("name", options, :prompt => UNTRUSTED_INPUT)
+
+    *Santiago Pastorino*
+
 *   Reverted the deprecation of `:confirm`. *Rafael Mendonça França*
 
 *   Reverted the deprecation of `:disable_with`. *Rafael Mendonça França*
author	Santiago Pastorino <santiago@wyeworks.com>	2012-08-08 15:10:35 -0700
committer	Santiago Pastorino <santiago@wyeworks.com>	2012-08-09 15:48:17 -0300
commit	6d0526db91afb0675c2ad3d871529d1536303c64 (patch)
tree	81bff482a5ddd39587c738e6326c20e639eaa1d6 /actionpack/CHANGELOG.md
parent	65b5e35e898ac09a50b61c671d98a3cf92453003 (diff)
download	rails-6d0526db91afb0675c2ad3d871529d1536303c64.tar.gz rails-6d0526db91afb0675c2ad3d871529d1536303c64.tar.bz2 rails-6d0526db91afb0675c2ad3d871529d1536303c64.zip