From e91e4e8bbee12ce1496bf384c04da6be296b687a Mon Sep 17 00:00:00 2001
From: Santiago Pastorino <santiago@wyeworks.com>
Date: Wed, 8 Aug 2012 14:33:39 -0700
Subject: Do not mark strip_tags result as html_safe

Thanks to Marek Labos & Nethemba

CVE-2012-3465
---
 actionpack/CHANGELOG.md | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'actionpack/CHANGELOG.md')

diff --git a/actionpack/CHANGELOG.md b/actionpack/CHANGELOG.md
index 9c12e09392..aceef9ae27 100644
--- a/actionpack/CHANGELOG.md
+++ b/actionpack/CHANGELOG.md
@@ -1,5 +1,12 @@
 ## Rails 3.2.8 ##
 
+*   There is an XSS vulnerability in the strip_tags helper in Ruby on Rails, the
+    helper doesn't correctly handle malformed html.  As a result an attacker can
+    execute arbitrary javascript through the use of specially crafted malformed
+    html.
+
+    *Marek from Nethemba (www.nethemba.com) & Santiago Pastorino*
+
 *   When a "prompt" value is supplied to the `select_tag` helper, the "prompt" value is not escaped.
     If untrusted data is not escaped, and is supplied as the prompt value, there is a potential for XSS attacks.
     Vulnerable code will look something like this:
-- 
cgit v1.2.3