diff options
author | Santiago Pastorino <santiago@wyeworks.com> | 2012-08-09 18:15:59 -0300 |
---|---|---|
committer | Santiago Pastorino <santiago@wyeworks.com> | 2012-08-09 18:15:59 -0300 |
commit | 7987e7419a75b5677841c4f215791a73083a154a (patch) | |
tree | 7164002ad5b52dd5a52114cfd9a4a2f7c5fc7049 /actionpack/CHANGELOG.md | |
parent | 0f9a6a7c80a2beeaace875d8a9d89a164811d729 (diff) | |
parent | 64146cf7babe35fd962576b699fa0deb4cfe0d70 (diff) | |
download | rails-7987e7419a75b5677841c4f215791a73083a154a.tar.gz rails-7987e7419a75b5677841c4f215791a73083a154a.tar.bz2 rails-7987e7419a75b5677841c4f215791a73083a154a.zip |
Merge branch '3-2-8' into 3-2-stable
Diffstat (limited to 'actionpack/CHANGELOG.md')
-rw-r--r-- | actionpack/CHANGELOG.md | 16 |
1 files changed, 15 insertions, 1 deletions
diff --git a/actionpack/CHANGELOG.md b/actionpack/CHANGELOG.md index 6a55fc2b9f..9d413c8fb3 100644 --- a/actionpack/CHANGELOG.md +++ b/actionpack/CHANGELOG.md @@ -3,7 +3,21 @@ * `javascript_include_tag :all` will now not include `application.js` if the file does not exists. *Prem Sichanugrist* -## Rails 3.2.8 ## +## Rails 3.2.8 (Aug 9, 2012) ## + +* There is an XSS vulnerability in the strip_tags helper in Ruby on Rails, the + helper doesn't correctly handle malformed html. As a result an attacker can + execute arbitrary javascript through the use of specially crafted malformed + html. + + *Marek from Nethemba (www.nethemba.com) & Santiago Pastorino* + +* When a "prompt" value is supplied to the `select_tag` helper, the "prompt" value is not escaped. + If untrusted data is not escaped, and is supplied as the prompt value, there is a potential for XSS attacks. + Vulnerable code will look something like this: + select_tag("name", options, :prompt => UNTRUSTED_INPUT) + + *Santiago Pastorino* * Reverted the deprecation of `:confirm`. *Rafael Mendonça França* |