Clean tag attributes before passing through the escape_once logic.

Addresses CVE-2009-3009
jfirebaugh · Sep 3, 2009 · 9a68c72 · 9a68c72
1 parent 07c6938
commit 9a68c72
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/actionpack/lib/action_view/helpers/tag_helper.rb b/actionpack/lib/action_view/helpers/tag_helper.rb
@@ -103,7 +103,7 @@ def cdata_section(content)
       #   escape_once("&lt;&lt; Accept & Checkout")
       #   # => "&lt;&lt; Accept &amp; Checkout"
       def escape_once(html)
-        html.to_s.gsub(/[\"><]|&(?!([a-zA-Z]+|(#\d+));)/) { |special| ERB::Util::HTML_ESCAPE[special] }
+        ActiveSupport::Multibyte.clean(html.to_s).gsub(/[\"><]|&(?!([a-zA-Z]+|(#\d+));)/) { |special| ERB::Util::HTML_ESCAPE[special] }
       end
 
       private