Merge pull request #19992 from greysteil/handle-invalid-utf8-in-html-escape

Handle invalid UTF-8 strings when HTML escaping
author: Sean Griffin <sean@seantheprogrammer.com> 2015-10-20 16:50:01 -0600
committer: Sean Griffin <sean@seantheprogrammer.com> 2015-10-20 16:50:01 -0600
commit: d94ae72a5259c31ea510e6341bbbf4e920312ebe (patch)
tree: a9bef1bd954692396f1af545d87dac207362d82c /activesupport/CHANGELOG.md
parent: cd46bfc54fb34f0b4ed89e00d2efbe8a0273ab0b (diff)
parent: 05a2a6a0c5ac2384e52df9b8c2aa81352a51d7c7 (diff)
download: rails-d94ae72a5259c31ea510e6341bbbf4e920312ebe.tar.gz
rails-d94ae72a5259c31ea510e6341bbbf4e920312ebe.tar.bz2
rails-d94ae72a5259c31ea510e6341bbbf4e920312ebe.zip
1 files changed, 9 insertions, 0 deletions
diff --git a/activesupport/CHANGELOG.md b/activesupport/CHANGELOG.md
index e5d945bb42..fcbb3ea372 100644
--- a/activesupport/CHANGELOG.md
+++ b/activesupport/CHANGELOG.md
@@ -1,3 +1,12 @@
+*   Handle invalid UTF-8 strings when HTML escaping
+
+    Use `ActiveSupport::Multibyte::Unicode.tidy_bytes` to handle invalid UTF-8
+    strings in `ERB::Util.unwrapped_html_escape` and `ERB::Util.html_escape_once`.
+    Prevents user-entered input passed from a querystring into a form field from
+    causing invalid byte sequence errors.
+
+    *Grey Baker*
+
 *   Update `ActiveSupport::Multibyte::Chars#slice!` to return `nil` if the
     arguments are out of bounds, to mirror the behavior of `String#slice!`
author	Sean Griffin <sean@seantheprogrammer.com>	2015-10-20 16:50:01 -0600
committer	Sean Griffin <sean@seantheprogrammer.com>	2015-10-20 16:50:01 -0600
commit	d94ae72a5259c31ea510e6341bbbf4e920312ebe (patch)
tree	a9bef1bd954692396f1af545d87dac207362d82c /activesupport/CHANGELOG.md
parent	cd46bfc54fb34f0b4ed89e00d2efbe8a0273ab0b (diff)
parent	05a2a6a0c5ac2384e52df9b8c2aa81352a51d7c7 (diff)
download	rails-d94ae72a5259c31ea510e6341bbbf4e920312ebe.tar.gz rails-d94ae72a5259c31ea510e6341bbbf4e920312ebe.tar.bz2 rails-d94ae72a5259c31ea510e6341bbbf4e920312ebe.zip