Use ERB::Util.h over CGI.escapeHTML as the former is safety aware and the latter isn't
commit 5d5e34fa52183566968cb22f7c49544a7361a130 1 parent 1b3195b
@NZKoz authored
actionpack/lib/action_controller/metal/redirector.rb (2 lines changed)
@@ -16,7 +16,7 @@ def redirect_to(url, status) #:doc:
logger.info("Redirected to #{url}") if logger && logger.info?
self.status = status
self.location = url.gsub(/[\r\n]/, '')
- self.response_body = "<html><body>You are being <a href=\"#{CGI.escapeHTML(url)}\">redirected</a>.</body></html>"
+ self.response_body = "<html><body>You are being <a href=\"#{ERB::Util.h(url)}\">redirected</a>.</body></html>"
end
end
end
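Review bot: the interpolation on the `+` line sits inside a quoted `href="…"` attribute, and an html_safe-aware `ERB::Util.h` passes an html_safe `url` through unescaped, so a caller-supplied SafeBuffer containing `"` would close the attribute; the `CGI.escapeHTML(url)` it replaces escaped this body unconditionally, and nothing here needs markup preserved inside a URL. Consider keeping `CGI.escapeHTML(url)` for this one string, or escaping a plain-String copy (e.g. `ERB::Util.h(String.new(url))`), and add a test that a `url.html_safe` argument containing `"` still produces `&quot;` in the body. Separately, the hunk adds a dependency on `ERB::Util` with no `require` visible; confirm that the safety-aware definition of `ERB::Util.h` the commit message relies on is loaded wherever this controller-layer file is used, not only when views are.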
actionpack/lib/action_view/safe_buffer.rb (2 lines changed)
@@ -5,7 +5,7 @@ def <<(value)
if value.html_safe?
super(value)
else
- super(CGI.escapeHTML(value))
+ super(ERB::Util.h(value))
end
end
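Review bot: with `ERB::Util.h` being html_safe-aware, as the commit message states, the `if value.html_safe?` branch above the `+` line duplicates the check that `h` now performs itself, so the body of `<<` can collapse to `super(ERB::Util.h(value))`; keeping both leaves two places that must agree on what "safe" means. One behavioural difference deserves a test: `CGI.escapeHTML` operates only on a String, whereas `ERB::Util.h` calls `to_s` on its argument first, so a non-String value that reaches the `else` branch (e.g. `buffer << nil`) is now appended as escaped text instead of raising; add a case for that and assert the buffer is still marked html_safe afterwards.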