aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/lib
diff options
context:
space:
mode:
authorMichael Koziarski <michael@koziarski.com>2009-08-31 12:07:30 -0700
committerMichael Koziarski <michael@koziarski.com>2009-09-04 09:25:38 +1200
commitb16e0c922344da256ab977fd5e7a7f69e0be90fc (patch)
tree6d92ec5c5a719dfe9a0803158d60fd1d97528c0d /actionpack/lib
parent9a73630d935e360f3dc896e50dd673afb97cf3b5 (diff)
downloadrails-b16e0c922344da256ab977fd5e7a7f69e0be90fc.tar.gz
rails-b16e0c922344da256ab977fd5e7a7f69e0be90fc.tar.bz2
rails-b16e0c922344da256ab977fd5e7a7f69e0be90fc.zip
Clean tag attributes before passing through the escape_once logic.
Addresses CVE-2009-3009
Diffstat (limited to 'actionpack/lib')
-rw-r--r--actionpack/lib/action_view/helpers/tag_helper.rb2
1 files changed, 1 insertions, 1 deletions
diff --git a/actionpack/lib/action_view/helpers/tag_helper.rb b/actionpack/lib/action_view/helpers/tag_helper.rb
index ff5a2134ff..7fae0f6b8d 100644
--- a/actionpack/lib/action_view/helpers/tag_helper.rb
+++ b/actionpack/lib/action_view/helpers/tag_helper.rb
@@ -106,7 +106,7 @@ module ActionView
# escape_once("&lt;&lt; Accept & Checkout")
# # => "&lt;&lt; Accept &amp; Checkout"
def escape_once(html)
- html.to_s.gsub(/[\"><]|&(?!([a-zA-Z]+|(#\d+));)/) { |special| ERB::Util::HTML_ESCAPE[special] }
+ ActiveSupport::Multibyte.clean(html.to_s).gsub(/[\"><]|&(?!([a-zA-Z]+|(#\d+));)/) { |special| ERB::Util::HTML_ESCAPE[special] }
end
private