author: Michael Koziarski <michael@koziarski.com>, 2013-11-19 09:00:08 +1300
committer: Aaron Patterson <aaron.patterson@gmail.com>, 2013-12-02 16:42:07 -0800
commit: bea9c9b4c0f9bb7356ea2058118fe40495432010 (patch)
tree: 477cc678a86d5d6b04807f12b9ea3cf1eb9136ff /actionview
parent: b31a7a6f1ec3c74f75b4cd12386b08295287418d (diff)
Ensure simple_format escapes its html attributes
The previous behavior equated the sanitize option for simple_format with the escape option of content_tag; however, these are two distinct concepts. This fixes CVE-2013-6416.

Conflicts:
	actionview/lib/action_view/helpers/text_helper.rb
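To make the distinction the commit message draws concrete, here is an added example (not code from the Rails commit or from ActionView) that models a simple_format look-alike with the two controls kept separate: one flag sanitizes the paragraph content, the other escapes the wrapper tag's attribute values. The module and method names (SimpleFormatDemo, sanitize_content, tag_options) are assumptions made for this demo, and sanitize_content is a deliberately tiny stand-in for a real HTML sanitizer that only strips script elements.

```ruby
require "erb"

# Added example (not code from the Rails commit on this page). It models the
# two distinct concepts the commit message separates: sanitizing paragraph
# *content* versus escaping the wrapper tag's *attribute values*. The names
# below (SimpleFormatDemo, sanitize_content, tag_options) are assumptions made
# for this demo; sanitize_content is a deliberately tiny stand-in for a real
# HTML sanitizer and only strips <script> elements.
module SimpleFormatDemo
  module_function

  # Stand-in content sanitizer: drops <script>...</script> blocks.
  def sanitize_content(text)
    text.gsub(%r{<script\b[^>]*>.*?</script>}mi, "")
  end

  # Render the wrapper tag's attributes. `escape` plays the role of
  # content_tag's fourth positional argument: when false, attribute values
  # are interpolated verbatim, so a value containing `"` can terminate the
  # attribute and the rest of the value becomes markup.
  def tag_options(html_options, escape: true)
    html_options.map { |name, value|
      v = escape ? ERB::Util.html_escape(value.to_s) : value.to_s
      %( #{name}="#{v}")
    }.join
  end

  # A simple_format look-alike. `sanitize` governs the content and
  # `escape_attributes` governs html_options; the bug the commit fixes was
  # treating the first as if it implied the second.
  def simple_format(text, html_options = {}, sanitize: true, escape_attributes: true, wrapper_tag: "p")
    text = sanitize_content(text) if sanitize
    paragraphs = text.split(/\n\n+/).map(&:strip).reject(&:empty?)
    attrs = tag_options(html_options, escape: escape_attributes)
    return "<#{wrapper_tag}#{attrs}></#{wrapper_tag}>" if paragraphs.empty?

    paragraphs.map { |para| "<#{wrapper_tag}#{attrs}>#{para}</#{wrapper_tag}>" }.join("\n\n")
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed attribute value holding the two characters that matter here.
  opts = { class: %(a"b<c) }
  puts SimpleFormatDemo.simple_format("hello\n\nworld", opts, escape_attributes: false)
  puts SimpleFormatDemo.simple_format("hello\n\nworld", opts)
end
```

Running the file prints the same two paragraphs twice: first with the `"` and `<` of the constructed class value emitted verbatim into the tag (the pre-fix behaviour, where the content sanitizer never sees the attributes at all), then with them escaped as `&quot;` and `&lt;`. The point of the separate flags is that content sanitization says nothing about attribute safety, which is why the attribute escape must not be switched off on the strength of the sanitize option.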
Diffstat (limited to 'actionview')
-rw-r--r--  actionview/lib/action_view/helpers/text_helper.rb | 2
1 files changed, 1 insertions, 1 deletions
diff --git a/actionview/lib/action_view/helpers/text_helper.rb b/actionview/lib/action_view/helpers/text_helper.rb
index b0e4aa3cd3..0c956670b6 100644
--- a/actionview/lib/action_view/helpers/text_helper.rb
+++ b/actionview/lib/action_view/helpers/text_helper.rb
@@ -268,7 +268,7 @@ module ActionView
content_tag(wrapper_tag, nil, html_options)
else
paragraphs.map! { |paragraph|
- content_tag(wrapper_tag, paragraph, html_options, false)
+ content_tag(wrapper_tag, raw(paragraph), html_options, false)
}.join("\n\n").html_safe
end
end
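Review bot: the `+` line still passes `false` as the fourth positional argument of content_tag, and that argument is content_tag's escape flag for the tag's attributes, so `html_options` values will continue to be emitted unescaped even though the paragraph is now wrapped in `raw(...)`; since `raw` already preserves the sanitized content as-is, the fourth argument should be dropped so escaping defaults back to true, e.g. `content_tag(wrapper_tag, raw(paragraph), html_options)`, otherwise the commit message's stated goal of escaping the wrapper's html attributes is not met by this hunk. The diffstat (limited to actionview) also shows no accompanying test; a case under actionview/test asserting that an `html_options` value containing `"` or `<` comes out escaped, with the sanitize option both on and off, would pin the fix down.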