author | Jeremy Kemper <jeremy@bitsweat.net> | 2010-02-04 17:45:43 -0800 |
---|---|---|
committer | Jeremy Kemper <jeremy@bitsweat.net> | 2010-02-04 17:45:43 -0800 |
commit | 3062bc70eff68397a00fc652e8eee4ae8089e0a2 (patch) | |
tree | 89a09a8093668130ff46de1ef024c2e41f8e3861 /actionpack/lib | |
parent | 2191aa47acc0a560366c8c09fa9635602cff5f07 (diff) | |
HTML-escape csrf meta contents
Diffstat (limited to 'actionpack/lib')
-rw-r--r-- | actionpack/lib/action_view/helpers/csrf_helper.rb | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/actionpack/lib/action_view/helpers/csrf_helper.rb b/actionpack/lib/action_view/helpers/csrf_helper.rb
index 6f98bd4573..41c6b67f91 100644
--- a/actionpack/lib/action_view/helpers/csrf_helper.rb
+++ b/actionpack/lib/action_view/helpers/csrf_helper.rb
@@ -4,7 +4,7 @@ module ActionView
 # Returns a meta tag with the request forgery protection token for forms to use. Put this in your head.
 def csrf_meta_tag
 if protect_against_forgery?
- %(<meta name="csrf-param" content="#{Rack::Utils.escape(request_forgery_protection_token)}"/>\n<meta name="csrf-token" content="#{Rack::Utils.escape(form_authenticity_token)}"/>).html_safe
+ %(<meta name="csrf-param" content="#{Rack::Utils.escape_html(request_forgery_protection_token)}"/>\n<meta name="csrf-token" content="#{Rack::Utils.escape_html(form_authenticity_token)}"/>).html_safe
 end
 end
 end |
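Review bot: The added line still calls `.html_safe` on a hand-assembled string, so the markup is only safe while every interpolation is HTML-escaped by hand, and nothing on the line says so. A later third interpolation added without escaping would be trusted silently. I would put a comment above it such as `# html_safe is sound only because both values go through escape_html; escape anything added here`. Alternatively each tag could be built with the `tag` helper, e.g. `tag('meta', :name => 'csrf-param', :content => request_forgery_protection_token)`, which escapes attribute values itself; that assumes TagHelper is mixed in wherever this helper is used, which the hunk does not show.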