Tags with invalid names should also be stripped in order to prevent

XSS attacks. Thanks Sascha Depold for the report.
author: Aaron Patterson <aaron.patterson@gmail.com> 2011-08-16 15:17:49 -0700
committer: Aaron Patterson <aaron.patterson@gmail.com> 2011-08-16 15:24:48 -0700
commit: 586a944ddd4d03e66dea1093306147594748037a (patch)
tree: d98522a5455f5cde0a4e7f852e0569a92657bcd0 /actionpack/lib/action_controller/vendor
parent: 8a39f411dc3c806422785b1f4d5c7c9d58e4bf85 (diff)
download: rails-586a944ddd4d03e66dea1093306147594748037a.tar.gz
rails-586a944ddd4d03e66dea1093306147594748037a.tar.bz2
rails-586a944ddd4d03e66dea1093306147594748037a.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/actionpack/lib/action_controller/vendor/html-scanner/html/node.rb b/actionpack/lib/action_controller/vendor/html-scanner/html/node.rb
index 22b3243104..4e1f016431 100644
--- a/actionpack/lib/action_controller/vendor/html-scanner/html/node.rb
+++ b/actionpack/lib/action_controller/vendor/html-scanner/html/node.rb
@@ -156,7 +156,7 @@ module HTML #:nodoc:
           end
 
           closing = ( scanner.scan(/\//) ? :close : nil )
-          return Text.new(parent, line, pos, content) unless name = scanner.scan(/[\w:-]+/)
+          return Text.new(parent, line, pos, content) unless name = scanner.scan(/[^\s!>\/]+/)
           name.downcase!
 
           unless closing
author	Aaron Patterson <aaron.patterson@gmail.com>	2011-08-16 15:17:49 -0700
committer	Aaron Patterson <aaron.patterson@gmail.com>	2011-08-16 15:24:48 -0700
commit	586a944ddd4d03e66dea1093306147594748037a (patch)
tree	d98522a5455f5cde0a4e7f852e0569a92657bcd0 /actionpack/lib/action_controller/vendor
parent	8a39f411dc3c806422785b1f4d5c7c9d58e4bf85 (diff)
download	rails-586a944ddd4d03e66dea1093306147594748037a.tar.gz rails-586a944ddd4d03e66dea1093306147594748037a.tar.bz2 rails-586a944ddd4d03e66dea1093306147594748037a.zip