diff options
| author | Vijay Dev <vijaydev.cse@gmail.com> | 2012-08-04 15:18:35 +0530 |
|---|---|---|
| committer | Vijay Dev <vijaydev.cse@gmail.com> | 2012-08-04 15:18:35 +0530 |
| commit | 3d3fa165e40c8cdaaebdab9dd2985d0ca3a36236 (patch) | |
| tree | 21ae9b984d34c9487628097f3933f8fa14a3558f /guides/source/security.textile | |
| parent | c963f883a41913624363bfd8203b5640318198c2 (diff) | |
| parent | b51201242aaf77c6db5a9b2f72e433c521df79c5 (diff) | |
| download | rails-3d3fa165e40c8cdaaebdab9dd2985d0ca3a36236.tar.gz rails-3d3fa165e40c8cdaaebdab9dd2985d0ca3a36236.tar.bz2 rails-3d3fa165e40c8cdaaebdab9dd2985d0ca3a36236.zip | |
Merge branch 'master' of github.com:lifo/docrails
Conflicts:
activemodel/lib/active_model/secure_password.rb
activerecord/lib/active_record/associations/collection_proxy.rb
Diffstat (limited to 'guides/source/security.textile')
| -rw-r--r-- | guides/source/security.textile | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/guides/source/security.textile b/guides/source/security.textile index 8879122b66..49e5da6bb7 100644 --- a/guides/source/security.textile +++ b/guides/source/security.textile @@ -608,7 +608,7 @@ This URL passes the filter because the regular expression matches – the second link_to "Homepage", @user.homepage </ruby> -The link looks innocent to visitors, but when it's clicked, it will execute the javascript function "exploit_code" or any other javascript the attacker provides. +The link looks innocent to visitors, but when it's clicked, it will execute the JavaScript function "exploit_code" or any other JavaScript the attacker provides. To fix the regular expression, \A and \z should be used instead of ^ and $, like so: |