aboutsummaryrefslogtreecommitdiffstats
path: root/actionview/lib/action_view/helpers/capture_helper.rb
diff options
context:
space:
mode:
authoryui-knk <spiketeika@gmail.com>2015-09-25 08:49:57 +0900
committeryui-knk <spiketeika@gmail.com>2015-09-25 08:49:57 +0900
commit14d265217a40a98f430961fd5e32713176ceccf9 (patch)
tree2b4804160e37e5fb6dcf3a360190bcf38feee2cf /actionview/lib/action_view/helpers/capture_helper.rb
parent4a375a83deab7a3089e718a1d18ddc4c2846cd40 (diff)
downloadrails-14d265217a40a98f430961fd5e32713176ceccf9.tar.gz
rails-14d265217a40a98f430961fd5e32713176ceccf9.tar.bz2
rails-14d265217a40a98f430961fd5e32713176ceccf9.zip
Quote prepared statements of `sanitize_sql_array`
Sure unquoted SQL code pass test, but this % style prepared statements are dangerous. Test codes and code examples are also "Rails" codes, so quote placeholder of prepared statements.
Diffstat (limited to 'actionview/lib/action_view/helpers/capture_helper.rb')
0 files changed, 0 insertions, 0 deletions