From 05a2a6a0c5ac2384e52df9b8c2aa81352a51d7c7 Mon Sep 17 00:00:00 2001 From: Grey Baker Date: Sun, 3 May 2015 15:04:07 +0100 Subject: Handle invalid UTF-8 strings when HTML escaping Use `ActiveSupport::Multibyte::Unicode.tidy_bytes` to handle invalid UTF-8 strings in `ERB::Util.unwrapped_html_escape` and `ERB::Util.html_escape_once`. Prevents user-entered input passed from a querystring into a form field from causing invalid byte sequence errors. --- activesupport/CHANGELOG.md | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'activesupport/CHANGELOG.md') diff --git a/activesupport/CHANGELOG.md b/activesupport/CHANGELOG.md index 6ebbdbc3db..c001ed1bc4 100644 --- a/activesupport/CHANGELOG.md +++ b/activesupport/CHANGELOG.md @@ -1,3 +1,12 @@ +* Handle invalid UTF-8 strings when HTML escaping + + Use `ActiveSupport::Multibyte::Unicode.tidy_bytes` to handle invalid UTF-8 + strings in `ERB::Util.unwrapped_html_escape` and `ERB::Util.html_escape_once`. + Prevents user-entered input passed from a querystring into a form field from + causing invalid byte sequence errors. + + *Grey Baker* + * Fix a range of values for parameters of the Time#change *Nikolay Kondratyev* -- cgit v1.2.3
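Review bot: The new CHANGELOG entry, in the paragraph beginning "Use `ActiveSupport::Multibyte::Unicode.tidy_bytes`", says invalid UTF-8 is handled but not what the escaped output contains in place of the invalid bytes. The entry describes `ERB::Util.unwrapped_html_escape` and `ERB::Util.html_escape_once` as no longer causing invalid byte sequence errors, so add one sentence stating what these methods now return for such input. That way callers who rescued the error, or who compare escaped output byte for byte, know what changed. Only the CHANGELOG.md hunk is visible here (9 insertions), so the code and test changes cannot be checked against this description.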