author | Rafael Mendonça França <rafaelmfranca@gmail.com> | 2014-02-11 23:36:10 -0200 |
---|---|---|
committer | Rafael Mendonça França <rafaelmfranca@gmail.com> | 2014-02-18 15:38:50 -0300 |
commit | 08d0a11a3f62718d601d39e617c834759cf59bbb | |
tree | 947e6e8afb68c7e0cdeb51d90b34023972aa1856 /railties | |
parent | f706d5f945c5751072bb90d080aff154e6858435 | |

Escape format, negative_format and units options of number helpers

Previously the values of these options were trusted leading to potential XSS vulnerabilities.

Fixes: CVE-2014-0081

Diffstat (limited to 'railties')
0 files changed, 0 insertions, 0 deletions