Ensure simple_format escapes its html attributes
The previous behavior equated the sanitize option for simple_format with the escape option of content_tag, however these are two distinct concepts.

This fixes CVE-2013-6416

Conflicts:
	actionview/lib/action_view/helpers/text_helper.rb
Showing with 1 addition and 1 deletion.
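The distinction the commit message draws (whether the paragraph body is sanitized versus whether the wrapper tag's attribute values are escaped) is easy to see in a reduced model. The following is an added example, not the Rails code changed by this commit: `build_tag`, `sanitize_body`, `simple_format_vulnerable` and `simple_format_fixed` are hypothetical stand-ins, body "sanitization" is modelled as plain HTML escaping so no sanitizer library is needed, and the attribute value is a constructed sample. The vulnerable variant reuses the `sanitize` flag as the attribute-escape flag, so `sanitize: false` also leaves attribute values unescaped; the fixed variant escapes attribute values unconditionally.

```ruby
require "cgi"

# Hypothetical tag builder (not Rails' content_tag). `escape_content` controls
# whether the body is HTML-escaped; `escape_attrs` controls the attribute values.
def build_tag(name, content, attrs, escape_content:, escape_attrs:)
  attr_string = attrs.map do |key, value|
    value = CGI.escapeHTML(value.to_s) if escape_attrs
    %( #{key}="#{value}")
  end.join
  body = escape_content ? CGI.escapeHTML(content) : content
  "<#{name}#{attr_string}>#{body}</#{name}>"
end

# Stand-in for "sanitizing" the paragraph body: plain escaping is used here so
# the example needs no HTML sanitizer library.
def sanitize_body(paragraph, sanitize)
  sanitize ? CGI.escapeHTML(paragraph) : paragraph
end

# Vulnerable variant: the caller's `sanitize` flag is passed through as the
# attribute-escape flag, so sanitize: false also disables attribute escaping.
def simple_format_vulnerable(text, html_options = {}, sanitize: true)
  text.split(/\n\n+/).map do |paragraph|
    build_tag("p", sanitize_body(paragraph, sanitize), html_options,
              escape_content: false, escape_attrs: sanitize)
  end.join("\n")
end

# Fixed variant: attribute values are escaped regardless of `sanitize`, which
# now only governs the paragraph body.
def simple_format_fixed(text, html_options = {}, sanitize: true)
  text.split(/\n\n+/).map do |paragraph|
    build_tag("p", sanitize_body(paragraph, sanitize), html_options,
              escape_content: false, escape_attrs: true)
  end.join("\n")
end

# Constructed sample: an attribute value containing a double quote, as could
# arrive from untrusted input that is used to build html_options.
UNTRUSTED_OPTIONS = { class: 'untrusted" id="injected' }.freeze

if __FILE__ == $PROGRAM_NAME
  puts simple_format_vulnerable("Hello\n\nWorld", UNTRUSTED_OPTIONS, sanitize: false)
  puts simple_format_fixed("Hello\n\nWorld", UNTRUSTED_OPTIONS, sanitize: false)
end
```

Running the block prints the vulnerable output with a second, injected attribute on the `<p>` tag and the fixed output with the quote rendered as `&quot;`, leaving a single `class` attribute. With `sanitize: true` both variants agree, which is why the defect only surfaced for callers that opted out of sanitization.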