diff options
author | Santiago Pastorino <santiago@wyeworks.com> | 2012-08-08 15:10:35 -0700 |
---|---|---|
committer | Santiago Pastorino <santiago@wyeworks.com> | 2012-08-09 15:48:17 -0300 |
commit | 6d0526db91afb0675c2ad3d871529d1536303c64 (patch) | |
tree | 81bff482a5ddd39587c738e6326c20e639eaa1d6 /actionpack/CHANGELOG.md | |
parent | 65b5e35e898ac09a50b61c671d98a3cf92453003 (diff) | |
download | rails-6d0526db91afb0675c2ad3d871529d1536303c64.tar.gz rails-6d0526db91afb0675c2ad3d871529d1536303c64.tar.bz2 rails-6d0526db91afb0675c2ad3d871529d1536303c64.zip |
escape select_tag :prompt values
CVE-2012-3463
Diffstat (limited to 'actionpack/CHANGELOG.md')
-rw-r--r-- | actionpack/CHANGELOG.md | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/actionpack/CHANGELOG.md b/actionpack/CHANGELOG.md index c43ec62555..9c12e09392 100644 --- a/actionpack/CHANGELOG.md +++ b/actionpack/CHANGELOG.md @@ -1,5 +1,12 @@ ## Rails 3.2.8 ## +* When a "prompt" value is supplied to the `select_tag` helper, the "prompt" value is not escaped. + If untrusted data is not escaped, and is supplied as the prompt value, there is a potential for XSS attacks. + Vulnerable code will look something like this: + select_tag("name", options, :prompt => UNTRUSTED_INPUT) + + *Santiago Pastorino* + * Reverted the deprecation of `:confirm`. *Rafael Mendonça França* * Reverted the deprecation of `:disable_with`. *Rafael Mendonça França* |