field | value | date
---|---|---
author | Michael Koziarski <michael@koziarski.com> | 2013-11-19 09:00:08 +1300
committer | Aaron Patterson <aaron.patterson@gmail.com> | 2013-12-02 16:42:07 -0800
commit | bea9c9b4c0f9bb7356ea2058118fe40495432010 (patch) |
tree | 477cc678a86d5d6b04807f12b9ea3cf1eb9136ff /tasks |
parent | b31a7a6f1ec3c74f75b4cd12386b08295287418d (diff) |
download | rails-bea9c9b4c0f9bb7356ea2058118fe40495432010.tar.gz, rails-bea9c9b4c0f9bb7356ea2058118fe40495432010.tar.bz2, rails-bea9c9b4c0f9bb7356ea2058118fe40495432010.zip |
Ensure simple_format escapes its html attributes
The previous behavior equated the sanitize option for simple_format with the
escape option of content_tag, however these are two distinct concepts.
This fixes CVE-2013-6416
Conflicts:
actionview/lib/action_view/helpers/text_helper.rb
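The commit message says the bug was conflating two different knobs: `sanitize:` (whether the paragraph body is sanitized) and `content_tag`'s trailing `escape` flag (whether attribute values in `html_options` are HTML-escaped). The Ruby below is an added illustration written for this page, not Rails' code and not the patch itself: `toy_content_tag`, `toy_sanitize`, `simple_format_conflated` and `simple_format_fixed` are stand-ins whose names and internals are assumed, and the attacker-controlled class value is constructed sample input. It shows why passing `sanitize: false` through as the `escape` flag lets an attribute value break out of its quotes.

```ruby
require "cgi"

# Illustrative stand-ins for the two helpers the commit message contrasts.
# Written for this page; not Rails' own implementation.

# Model of content_tag: the trailing `escape` flag controls whether attribute
# VALUES in html_options are HTML-escaped. The body is emitted as given; the
# caller decides whether it has been sanitized or escaped.
def toy_content_tag(name, body, html_options = {}, escape = true)
  attrs = html_options.map do |k, v|
    value = escape ? CGI.escapeHTML(v.to_s) : v.to_s
    %( #{k}="#{value}")
  end.join
  "<#{name}#{attrs}>#{body}</#{name}>"
end

# Model of a sanitizer for the body: strips tags, keeps text. Demo only,
# not a real HTML sanitizer.
def toy_sanitize(text)
  text.gsub(/<[^>]*>/, "")
end

# Conflated version: `sanitize:` (a decision about the BODY) is handed
# straight to the tag builder as `escape` (a decision about the ATTRIBUTES).
# With sanitize: false, attribute values go out unescaped.
def simple_format_conflated(text, html_options = {}, options = {})
  sanitize = options.fetch(:sanitize, true)
  text = toy_sanitize(text) if sanitize
  text.split(/\n\n+/)
      .map { |para| toy_content_tag(:p, para, html_options, sanitize) }
      .join("\n\n")
end

# Separated version: body sanitization and attribute escaping are decided
# independently, and attributes are always escaped.
def simple_format_fixed(text, html_options = {}, options = {})
  sanitize = options.fetch(:sanitize, true)
  text = toy_sanitize(text) if sanitize
  text.split(/\n\n+/)
      .map { |para| toy_content_tag(:p, para, html_options, true) }
      .join("\n\n")
end

# Constructed sample input: a class name under attacker control (think of a
# value lifted from a request parameter) and a body the app trusts as HTML.
ATTACKER_CLASS = %q(x" onmouseover="alert(1))
TRUSTED_HTML   = "Hello <b>world</b>"

if __FILE__ == $0
  # Conflated: the attacker's quote closes class="..." and a new event
  # handler attribute appears inside the <p>.
  puts simple_format_conflated(TRUSTED_HTML, { class: ATTACKER_CLASS }, sanitize: false)
  # Fixed: the quote is escaped to &quot; and stays inside the attribute value.
  puts simple_format_fixed(TRUSTED_HTML, { class: ATTACKER_CLASS }, sanitize: false)
end
```

The point the example makes is the one in the commit title: whether the caller wants the body left alone (`sanitize: false`, because it is already trusted markup) has nothing to do with whether attribute values must be escaped, which is always yes when any of them can carry user input. The real fix lives in `actionview/lib/action_view/helpers/text_helper.rb`, as the conflict note above indicates; the toy sanitizer here exists only to make the body/attribute distinction visible and should not be reused as a sanitizer.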
Diffstat (limited to 'tasks')
0 files changed, 0 insertions, 0 deletions