author | Rafael Mendonça França <rafaelmfranca@gmail.com> | 2014-02-11 23:29:27 -0200 |
---|---|---|
committer | Rafael Mendonça França <rafaelmfranca@gmail.com> | 2014-02-18 15:02:29 -0300 |
commit | eaa2101b294ef546cc3fb35cc3f49c73849ac470 (patch) | |
tree | 5605937efdb3e439df91f5a26d93466998c5f58d /actionpack/lib/action_view/template/text.rb | |
parent | 64226302d82493d9bf67aa9e4fa52b4e0269ee3d (diff) | |

Escape format, negative_format and units options of number helpers

Previously the values of these options were trusted leading to
potential XSS vulnerabilities.

Fixes: CVE-2014-0081

Diffstat (limited to 'actionpack/lib/action_view/template/text.rb')
0 files changed, 0 insertions, 0 deletions
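
The class of fix the commit message describes, as an added illustration that is not code from this commit or from Rails: `currency_trusting` and `currency_escaping` are hypothetical stand-ins for a number helper, and the option values passed to them are constructed. The `%u`/`%n` placeholders follow the Rails number helper format convention.

```ruby
require "erb"

# Hypothetical defaults for the illustration; %u is the unit, %n the number.
DEFAULTS = { unit: "$", format: "%u%n", negative_format: "-%u%n" }.freeze

# HTML-escape any value using the standard library.
def h(value)
  ERB::Util.html_escape(value.to_s)
end

# Substitute the number and unit into a template. Block form of gsub keeps
# backslashes in the replacement from being read as back-references.
def fill(template, number, unit)
  digits = format("%.2f", number.abs)
  template.gsub("%n") { digits }.gsub("%u") { unit }
end

# Before: format, negative_format and unit are trusted, so any markup in
# them is copied into the output unchanged.
def currency_trusting(number, options = {})
  opts = DEFAULTS.merge(options)
  template = number.negative? ? opts[:negative_format] : opts[:format]
  fill(template, number, opts[:unit])
end

# After: the same three options are escaped before they are used.
def currency_escaping(number, options = {})
  opts = DEFAULTS.merge(options)
  template = number.negative? ? opts[:negative_format] : opts[:format]
  fill(h(template), number, h(opts[:unit]))
end

if __FILE__ == $PROGRAM_NAME
  # Constructed option values standing in for caller-supplied input.
  puts currency_trusting(12.5, unit: "<b>$</b>")
  puts currency_escaping(12.5, unit: "<b>$</b>")
  puts currency_escaping(-3, negative_format: "<i>(%u%n)</i>")
end
```
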