aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/lib/action_view.rb
diff options
context:
space:
mode:
authorAndrew Carpenter <andrew@criticaljuncture.org>2016-07-28 16:12:21 -0700
committerAaron Patterson <aaron.patterson@gmail.com>2016-08-10 15:22:31 -0700
commit4bcccf5ecd81a6272479537911b7d9760c5be164 (patch)
treeb4b963ba1d9ad119180b8506813480b7a8fe1706 /actionpack/lib/action_view.rb
parent1ac2ddbc433ec96dd06affb6f10f33d9eb12d52a (diff)
downloadrails-4bcccf5ecd81a6272479537911b7d9760c5be164.tar.gz
rails-4bcccf5ecd81a6272479537911b7d9760c5be164.tar.bz2
rails-4bcccf5ecd81a6272479537911b7d9760c5be164.zip
ensure tag/content_tag escapes " in attribute vals
Many helpers mark content as HTML-safe without escaping double quotes -- including `sanitize`. Regardless of whether or not the attribute values are HTML-escaped, we want to be sure they don't include double quotes, as that can cause XSS issues. For example: `content_tag(:div, "foo", title: sanitize('" onmouseover="alert(1);//'))` CVE-2016-6316
Diffstat (limited to 'actionpack/lib/action_view.rb')
0 files changed, 0 insertions, 0 deletions