Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Do not mark strip_tags result as html_safe

Thanks to Marek Labos & Nethemba

CVE-2012-3465
  • Loading branch information...
commit d8cf713afabbd0c3cf8d6674b2d1a7f7c2a0e98c 1 parent c63d17c
@spastorino spastorino authored
View
2  actionpack/lib/action_view/helpers/sanitize_helper.rb
@@ -78,7 +78,7 @@ def sanitize_css(style)
# strip_tags("<div id='top-bar'>Welcome to my website!</div>")
# # => Welcome to my website!
def strip_tags(html)
- self.class.full_sanitizer.sanitize(html).try(:html_safe)
+ self.class.full_sanitizer.sanitize(html)
end
# Strips all link tags from +text+ leaving just the link text.
View
4 actionpack/test/template/sanitize_helper_test.rb
@@ -40,9 +40,9 @@ def test_strip_tags
[nil, '', ' '].each do |blank|
stripped = strip_tags(blank)
assert_equal blank, stripped
- assert stripped.html_safe? unless blank.nil?
end
- assert strip_tags("<script>").html_safe?
+ assert_equal "", strip_tags("<script>")
+ assert_equal "something &lt;img onerror=alert(1337)", ERB::Util.html_escape(strip_tags("something <img onerror=alert(1337)"))
end
def test_sanitize_is_marked_safe
Please sign in to comment.
Something went wrong with that request. Please try again.