Handle more unsafe String methods (#33990)

* Handle more unsafe String methods * Fix codeclimate issue * Revert stylistic change [Janosch Müller + Rafael Mendonça França]
author: Janosch Müller <janosch84@gmail.com> 2018-09-28 02:50:21 +0200
committer: Rafael França <rafaelmfranca@gmail.com> 2018-09-27 20:50:21 -0400
commit: 47f2686148bcaa04f24c1ed895d75ff877be12e9 (patch)
tree: 888f05b2c6892e83638954201ecb040a910ef1c2 /activesupport/CHANGELOG.md
parent: 6b9cc6fee11df3070eaa7621c004669c64f9f69d (diff)
download: rails-47f2686148bcaa04f24c1ed895d75ff877be12e9.tar.gz
rails-47f2686148bcaa04f24c1ed895d75ff877be12e9.tar.bz2
rails-47f2686148bcaa04f24c1ed895d75ff877be12e9.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/activesupport/CHANGELOG.md b/activesupport/CHANGELOG.md
index 37bd4da15e..39f366bc88 100644
--- a/activesupport/CHANGELOG.md
+++ b/activesupport/CHANGELOG.md
@@ -1,3 +1,8 @@
+*   Treat `#delete_prefix`, `#delete_suffix` and `#unicode_normalize` results as non-`html_safe`.
+    Ensure safety of arguments for `#insert`, `#[]=` and `#replace` calls on `html_safe` Strings.
+
+    *Janosch Müller*
+
 *   Changed `ActiveSupport::TaggedLogging.new` to return a new logger instance instead
     of mutating the one received as parameter.
author	Janosch Müller <janosch84@gmail.com>	2018-09-28 02:50:21 +0200
committer	Rafael França <rafaelmfranca@gmail.com>	2018-09-27 20:50:21 -0400
commit	47f2686148bcaa04f24c1ed895d75ff877be12e9 (patch)
tree	888f05b2c6892e83638954201ecb040a910ef1c2 /activesupport/CHANGELOG.md
parent	6b9cc6fee11df3070eaa7621c004669c64f9f69d (diff)
download	rails-47f2686148bcaa04f24c1ed895d75ff877be12e9.tar.gz rails-47f2686148bcaa04f24c1ed895d75ff877be12e9.tar.bz2 rails-47f2686148bcaa04f24c1ed895d75ff877be12e9.zip