path: root/activerecord/test/models/price_estimate.rb
author Rafael Mendonça França <rafaelmfranca@gmail.com> 2014-02-11 23:36:10 -0200
committer Rafael Mendonça França <rafaelmfranca@gmail.com> 2014-02-18 15:38:50 -0300
commit 08d0a11a3f62718d601d39e617c834759cf59bbb (patch)
tree 947e6e8afb68c7e0cdeb51d90b34023972aa1856 /activerecord/test/models/price_estimate.rb
parent f706d5f945c5751072bb90d080aff154e6858435 (diff)
Escape format, negative_format and units options of number helpers
Previously the values of these options were trusted leading to potential XSS vulnerabilities. Fixes: CVE-2014-0081
Diffstat (limited to 'activerecord/test/models/price_estimate.rb')
0 files changed, 0 insertions, 0 deletions