diff options
author | Andrew Carpenter <andrew@criticaljuncture.org> | 2016-07-28 16:12:21 -0700 |
---|---|---|
committer | Aaron Patterson <aaron.patterson@gmail.com> | 2016-08-10 15:22:31 -0700 |
commit | 4bcccf5ecd81a6272479537911b7d9760c5be164 (patch) | |
tree | b4b963ba1d9ad119180b8506813480b7a8fe1706 /actionpack/lib/action_view/renderer/partial_renderer.rb | |
parent | 1ac2ddbc433ec96dd06affb6f10f33d9eb12d52a (diff) | |
download | rails-4bcccf5ecd81a6272479537911b7d9760c5be164.tar.gz rails-4bcccf5ecd81a6272479537911b7d9760c5be164.tar.bz2 rails-4bcccf5ecd81a6272479537911b7d9760c5be164.zip |
ensure tag/content_tag escapes " in attribute vals
Many helpers mark content as HTML-safe without escaping double quotes -- including `sanitize`. Regardless of whether or not the attribute values are HTML-escaped, we want to be sure they don't include double quotes, as that can cause XSS issues. For example: `content_tag(:div, "foo", title: sanitize('" onmouseover="alert(1);//'))`
CVE-2016-6316
Diffstat (limited to 'actionpack/lib/action_view/renderer/partial_renderer.rb')
0 files changed, 0 insertions, 0 deletions