From bea9c9b4c0f9bb7356ea2058118fe40495432010 Mon Sep 17 00:00:00 2001
From: Michael Koziarski
Date: Tue, 19 Nov 2013 09:00:08 +1300
Subject: Ensure simple_format escapes its html attributes

The previous behavior equated the sanitize option for simple_format with the escape option of content_tag, however these are two distinct concepts.

This fixes CVE-2013-6416

Conflicts:
actionview/lib/action_view/helpers/text_helper.rb
---
 actionview/lib/action_view/helpers/text_helper.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'actionview')

diff --git a/actionview/lib/action_view/helpers/text_helper.rb b/actionview/lib/action_view/helpers/text_helper.rb
index b0e4aa3cd3..0c956670b6 100644
--- a/actionview/lib/action_view/helpers/text_helper.rb
+++ b/actionview/lib/action_view/helpers/text_helper.rb
@@ -268,7 +268,7 @@ module ActionView
 content_tag(wrapper_tag, nil, html_options)
 else
 paragraphs.map! { |paragraph|
- content_tag(wrapper_tag, paragraph, html_options, false)
+ content_tag(wrapper_tag, raw(paragraph), html_options, false)
 }.join("\n\n").html_safe
 end
 end
-- 
cgit v1.2.3
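Review bot: The added line still passes `false` as content_tag's fourth argument, which is its escape flag, and that flag governs the escaping of the html_options attribute values as well as the content, so as shown here the attributes named in the subject are still emitted unescaped and wrapping the paragraph in `raw` changes nothing observable. The intent described in the commit message (escape the attributes, but not the already-sanitized paragraph) is met by dropping the fourth argument so escaping defaults to on while `raw` keeps the paragraph body verbatim: `content_tag(wrapper_tag, raw(paragraph), html_options)`. If the retained `false` is a deliberate artifact of the stable-branch backport noted under Conflicts, a one-line comment saying why attribute escaping stays off would save the next reader from reopening this. The enclosing `simple_format` method begins before this hunk, so the `text = sanitize(text)` path that makes `raw` safe here is not visible in it.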