author | Michael Koziarski <michael@koziarski.com> | 2013-11-13 16:14:07 +1300 |
---|---|---|
committer | Aaron Patterson <aaron.patterson@gmail.com> | 2013-12-02 13:49:41 -0800 |
commit | 5ed70c591fa086d745b35a16713d91fc0e3ec858 (patch) | |
tree | 20110125ef1e34d4c68d5fab196769d4476cdf7c /actionpack/lib | |
parent | bee3b7f9371d1e2ddcfe6eaff5dcb26c0a248068 (diff) | |
Escape the unit value provided to number_to_currency
Fixes CVE-2013-6415
Previously the values were trusted blindly allowing for potential XSS attacks.
Diffstat (limited to 'actionpack/lib')
-rw-r--r-- | actionpack/lib/action_view/helpers/number_helper.rb | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/actionpack/lib/action_view/helpers/number_helper.rb b/actionpack/lib/action_view/helpers/number_helper.rb index ad86d13456..eee9e59a24 100644 --- a/actionpack/lib/action_view/helpers/number_helper.rb +++ b/actionpack/lib/action_view/helpers/number_helper.rb @@ -156,7 +156,7 @@ module ActionView begin value = number_with_precision(number, options.merge(:raise => true)) - format.gsub(/%n/, value).gsub(/%u/, unit).html_safe + format.gsub(/%n/, ERB::Util.html_escape(value)).gsub(/%u/, ERB::Util.html_escape(unit)).html_safe rescue InvalidNumberError => e if options[:raise] raise |
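Review bot: On the changed line in number_helper.rb, `format` itself is still substituted into unescaped and the whole result is then marked `.html_safe`, so any markup in a caller-supplied format string continues to reach the page as trusted HTML. If that is intentional (for example so that locale-defined formats can carry markup), the method documentation should say that `format` must never come from user input; otherwise escape or sanitize it here as well. The `rescue InvalidNumberError` branch is only partly visible in this hunk, so it is worth confirming that it builds its string with the same escaping of `unit` rather than the raw value. A regression test that passes a unit containing markup and asserts the escaped output would pin this behaviour, if one is not already included outside the 'actionpack/lib' view of this commit.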