aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/test/dispatch/request/query_string_parsing_test.rb
diff options
context:
space:
mode:
authorMichael Koziarski <michael@koziarski.com>2013-11-13 16:14:07 +1300
committerAaron Patterson <aaron.patterson@gmail.com>2013-12-02 13:49:41 -0800
commit5ed70c591fa086d745b35a16713d91fc0e3ec858 (patch)
tree20110125ef1e34d4c68d5fab196769d4476cdf7c /actionpack/test/dispatch/request/query_string_parsing_test.rb
parentbee3b7f9371d1e2ddcfe6eaff5dcb26c0a248068 (diff)
downloadrails-5ed70c591fa086d745b35a16713d91fc0e3ec858.tar.gz
rails-5ed70c591fa086d745b35a16713d91fc0e3ec858.tar.bz2
rails-5ed70c591fa086d745b35a16713d91fc0e3ec858.zip
Escape the unit value provided to number_to_currency
Fixes CVE-2013-6415 Previously the values were trusted blindly allowing for potential XSS attacks.
Diffstat (limited to 'actionpack/test/dispatch/request/query_string_parsing_test.rb')
0 files changed, 0 insertions, 0 deletions