author | Sean Griffin <sean@seantheprogrammer.com> | 2015-10-20 16:50:01 -0600 |
---|---|---|
committer | Sean Griffin <sean@seantheprogrammer.com> | 2015-10-20 16:50:01 -0600 |
commit | d94ae72a5259c31ea510e6341bbbf4e920312ebe (patch) | |
tree | a9bef1bd954692396f1af545d87dac207362d82c /activesupport/CHANGELOG.md | |
parent | cd46bfc54fb34f0b4ed89e00d2efbe8a0273ab0b (diff) | |
parent | 05a2a6a0c5ac2384e52df9b8c2aa81352a51d7c7 (diff) | |
Merge pull request #19992 from greysteil/handle-invalid-utf8-in-html-escape
Handle invalid UTF-8 strings when HTML escaping
Diffstat (limited to 'activesupport/CHANGELOG.md')
-rw-r--r-- | activesupport/CHANGELOG.md | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/activesupport/CHANGELOG.md b/activesupport/CHANGELOG.md index e5d945bb42..fcbb3ea372 100644 --- a/activesupport/CHANGELOG.md +++ b/activesupport/CHANGELOG.md @@ -1,3 +1,12 @@ +* Handle invalid UTF-8 strings when HTML escaping + + Use `ActiveSupport::Multibyte::Unicode.tidy_bytes` to handle invalid UTF-8 + strings in `ERB::Util.unwrapped_html_escape` and `ERB::Util.html_escape_once`. + Prevents user-entered input passed from a querystring into a form field from + causing invalid byte sequence errors. + + *Grey Baker* + * Update `ActiveSupport::Multibyte::Chars#slice!` to return `nil` if the arguments are out of bounds, to mirror the behavior of `String#slice!` |
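Review bot: The added entry at the top of `activesupport/CHANGELOG.md` does not say what the escaped output contains when the input has an invalid byte sequence; it only names `ActiveSupport::Multibyte::Unicode.tidy_bytes` and the error that no longer occurs. Suggest one more sentence stating the resulting behaviour for invalid bytes, so applications that store, compare or log the escaped value know what to expect from querystring input. The entry also lists only `ERB::Util.unwrapped_html_escape` and `ERB::Util.html_escape_once`; if `html_escape` / `h` is covered through them, name it as well, since that is what most templates call. This view is limited to the changelog, so the code and tests behind the entry cannot be checked from here.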