diff options
author | Andrew Carpenter <andrew@criticaljuncture.org> | 2016-07-28 16:12:21 -0700 |
---|---|---|
committer | Aaron Patterson <aaron.patterson@gmail.com> | 2016-08-11 10:47:46 -0700 |
commit | 4394e9075189ee6031944491aecd64fb269cdf54 (patch) | |
tree | 0f9a9e118875666ae5225713fef44125fc28a11d /actionview/lib/action_view/view_paths.rb | |
parent | b9f71e49ae43c53258da95bda50325a8d0c99a52 (diff) | |
download | rails-4394e9075189ee6031944491aecd64fb269cdf54.tar.gz rails-4394e9075189ee6031944491aecd64fb269cdf54.tar.bz2 rails-4394e9075189ee6031944491aecd64fb269cdf54.zip |
ensure tag/content_tag escapes " in attribute vals
Many helpers mark content as HTML-safe without escaping double quotes -- including `sanitize`. Regardless of whether or not the attribute values are HTML-escaped, we want to be sure they don't include double quotes, as that can cause XSS issues. For example: `content_tag(:div, "foo", title: sanitize('" onmouseover="alert(1);//'))`
CVE-2016-6316
Diffstat (limited to 'actionview/lib/action_view/view_paths.rb')
0 files changed, 0 insertions, 0 deletions