aboutsummaryrefslogtreecommitdiffstats
path: root/actionview/lib/action_view/view_paths.rb
diff options
context:
space:
mode:
authorAndrew Carpenter <andrew@criticaljuncture.org>2016-07-28 16:12:21 -0700
committerAaron Patterson <aaron.patterson@gmail.com>2016-08-11 10:47:46 -0700
commit4394e9075189ee6031944491aecd64fb269cdf54 (patch)
tree0f9a9e118875666ae5225713fef44125fc28a11d /actionview/lib/action_view/view_paths.rb
parentb9f71e49ae43c53258da95bda50325a8d0c99a52 (diff)
downloadrails-4394e9075189ee6031944491aecd64fb269cdf54.tar.gz
rails-4394e9075189ee6031944491aecd64fb269cdf54.tar.bz2
rails-4394e9075189ee6031944491aecd64fb269cdf54.zip
ensure tag/content_tag escapes " in attribute vals
Many helpers mark content as HTML-safe without escaping double quotes -- including `sanitize`. Regardless of whether or not the attribute values are HTML-escaped, we want to be sure they don't include double quotes, as that can cause XSS issues. For example: `content_tag(:div, "foo", title: sanitize('" onmouseover="alert(1);//'))` CVE-2016-6316
Diffstat (limited to 'actionview/lib/action_view/view_paths.rb')
0 files changed, 0 insertions, 0 deletions