diff options
author | Damien Burke <damien@damienburke.com> | 2015-11-03 17:17:10 -0800 |
---|---|---|
committer | Damien Burke <damien@damienburke.com> | 2015-11-03 17:20:48 -0800 |
commit | ab5fb4f22430afa58c334f7e7e142660164490e5 (patch) | |
tree | fbb50859955bddc1fa48dbe1667eb6ae1b8b1596 /actionview/lib/action_view/test_case.rb | |
parent | e37b470a6675a05df5a57455a3ac8c1c88ef04d6 (diff) | |
download | rails-ab5fb4f22430afa58c334f7e7e142660164490e5.tar.gz rails-ab5fb4f22430afa58c334f7e7e142660164490e5.tar.bz2 rails-ab5fb4f22430afa58c334f7e7e142660164490e5.zip |
Don’t allow arbitrary data in back urls
`link_to :back` creates a link to whatever was
passed in via the referer header. If an attacker
can alter the referer header, that would create
a cross-site scripting vulnerability on every
page that uses `link_to :back`
This commit restricts the back URL to valid
non-javascript URLs.
https://github.com/rails/rails/issues/14444
Diffstat (limited to 'actionview/lib/action_view/test_case.rb')
0 files changed, 0 insertions, 0 deletions