From c388393e8c59b5e799cebf42ac7fcde52440c824 Mon Sep 17 00:00:00 2001
From: Toshi MARUYAMA <marutosijp2@yahoo.co.jp>
Date: Fri, 27 Jan 2017 13:53:13 +0900
Subject: use rails-html-sanitizer >= 1.0.3

CVE-2015-7579 says rails-html-sanitizer 1.0.2 has XSS vulnerability.
---
 actionview/actionview.gemspec | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'actionview')

diff --git a/actionview/actionview.gemspec b/actionview/actionview.gemspec
index 400bb156fa..cfaa5007a1 100644
--- a/actionview/actionview.gemspec
+++ b/actionview/actionview.gemspec
@@ -23,7 +23,7 @@ Gem::Specification.new do |s|
 
   s.add_dependency "builder",       "~> 3.1"
   s.add_dependency "erubi",         "~> 1.4"
-  s.add_dependency "rails-html-sanitizer", "~> 1.0", ">= 1.0.2"
+  s.add_dependency "rails-html-sanitizer", "~> 1.0", ">= 1.0.3"
   s.add_dependency "rails-dom-testing", "~> 2.0"
 
   s.add_development_dependency "actionpack",  version
-- 
cgit v1.2.3