aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/lib/action_controller/vendor/html-scanner/html/sanitizer.rb
diff options
context:
space:
mode:
Diffstat (limited to 'actionpack/lib/action_controller/vendor/html-scanner/html/sanitizer.rb')
-rw-r--r--actionpack/lib/action_controller/vendor/html-scanner/html/sanitizer.rb2
1 files changed, 1 insertions, 1 deletions
diff --git a/actionpack/lib/action_controller/vendor/html-scanner/html/sanitizer.rb b/actionpack/lib/action_controller/vendor/html-scanner/html/sanitizer.rb
index 12c8405101..ae20f9947c 100644
--- a/actionpack/lib/action_controller/vendor/html-scanner/html/sanitizer.rb
+++ b/actionpack/lib/action_controller/vendor/html-scanner/html/sanitizer.rb
@@ -160,7 +160,7 @@ module HTML
if !options[:attributes].include?(attr_name) || contains_bad_protocols?(attr_name, value)
node.attributes.delete(attr_name)
else
- node.attributes[attr_name] = attr_name == 'style' ? sanitize_css(value) : CGI::escapeHTML(value)
+ node.attributes[attr_name] = attr_name == 'style' ? sanitize_css(value) : CGI::escapeHTML(CGI::unescapeHTML(value))
end
end
end
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-14 10:57:52 +0000