aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/lib/action_view/template/text.rb
diff options
context:
space:
mode:
authorRafael Mendonça França <rafaelmfranca@gmail.com>2014-02-11 23:29:27 -0200
committerRafael Mendonça França <rafaelmfranca@gmail.com>2014-02-18 15:02:29 -0300
commiteaa2101b294ef546cc3fb35cc3f49c73849ac470 (patch)
tree5605937efdb3e439df91f5a26d93466998c5f58d /actionpack/lib/action_view/template/text.rb
parent64226302d82493d9bf67aa9e4fa52b4e0269ee3d (diff)
downloadrails-eaa2101b294ef546cc3fb35cc3f49c73849ac470.tar.gz
rails-eaa2101b294ef546cc3fb35cc3f49c73849ac470.tar.bz2
rails-eaa2101b294ef546cc3fb35cc3f49c73849ac470.zip
Escape format, negative_format and units options of number helpers
Previously the values of these options were trusted leading to potential XSS vulnerabilities. Fixes: CVE-2014-0081
Diffstat (limited to 'actionpack/lib/action_view/template/text.rb')
0 files changed, 0 insertions, 0 deletions