author: Michael Koziarski <michael@koziarski.com> 2013-11-01 11:50:05 +1300
committer: Aaron Patterson <aaron.patterson@gmail.com> 2013-12-02 14:02:15 -0800
commit: 78790e4bceedc632cb40f9597792d7e27234138a (patch)
tree: 4674ee7ae675a134f3481523bfd6eef450344512 /actionpack/test
parent: 5ed70c591fa086d745b35a16713d91fc0e3ec858 (diff)
Stop using i18n's built in HTML error handling.

i18n doesn't depend on active support which means it can't use our html_safe code to do its escaping when generating the spans. Rather than try to sanitize the output from i18n, just revert to our old behaviour of rescuing the error and constructing the tag ourselves.

Fixes: CVE-2013-4491

Conflicts: actionpack/lib/action_view/helpers/translation_helper.rb

Backport: 50afd8eec9d088ad5a2d41f00a05520d5b78a6a0

Diffstat (limited to 'actionpack/test')
-rw-r--r-- actionpack/test/template/translation_helper_test.rb | 2
1 files changed, 1 insertions, 1 deletions
diff --git a/actionpack/test/template/translation_helper_test.rb b/actionpack/test/template/translation_helper_test.rb
index 397de9c2ce..ebf0f892e6 100644
--- a/actionpack/test/template/translation_helper_test.rb
+++ b/actionpack/test/template/translation_helper_test.rb
@@ -30,7 +30,7 @@ class TranslationHelperTest < ActiveSupport::TestCase
end
def test_delegates_to_i18n_setting_the_rescue_format_option_to_html
- I18n.expects(:translate).with(:foo, :locale => 'en', :rescue_format => :html).returns("")
+ I18n.expects(:translate).with(:foo, :locale => 'en', :raise=>true).returns("")
translate :foo, :locale => 'en'
end
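
Review bot: the test name in the context line, test_delegates_to_i18n_setting_the_rescue_format_option_to_html, still describes the :rescue_format => :html option that the changed expectation no longer passes; rename it to reflect :raise => true. The new pair is also written :raise=>true without spaces, unlike :locale => 'en' on the same line. The expectation only checks the options handed to I18n.translate and stubs the return value as "", so nothing in this hunk asserts that a missing-translation key is escaped in the span the helper builds itself; a test that passes a key containing markup and checks the rendered output would cover the behaviour the commit message describes.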