From e91e4e8bbee12ce1496bf384c04da6be296b687a Mon Sep 17 00:00:00 2001
From: Santiago Pastorino
Date: Wed, 8 Aug 2012 14:33:39 -0700
Subject: Do not mark strip_tags result as html_safe Thanks to Marek Labos & Nethemba CVE-2012-3465
---
 actionpack/test/template/sanitize_helper_test.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'actionpack/test')
diff --git a/actionpack/test/template/sanitize_helper_test.rb b/actionpack/test/template/sanitize_helper_test.rb
index 222d4dbf4c..cc93b53ea6 100644
--- a/actionpack/test/template/sanitize_helper_test.rb
+++ b/actionpack/test/template/sanitize_helper_test.rb
@@ -42,9 +42,9 @@ class SanitizeHelperTest < ActionView::TestCase
 [nil, '', ' '].each do |blank|
 stripped = strip_tags(blank)
 assert_equal blank, stripped
- assert stripped.html_safe? unless blank.nil?
 end
- assert strip_tags("