Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Update lib/rack/file.rb

Fix XSS in path_info
  • Loading branch information...
commit dd2d7d54c5184285490c79d2892d5e44a54d7731 1 parent 7b535cd
@snyff authored
Showing with 1 addition and 1 deletion.
  1. +1 −1  lib/rack/file.rb
View
2  lib/rack/file.rb
@@ -59,7 +59,7 @@ def _call(env)
if available
serving(env)
else
- fail(404, "File not found: #{path_info}")
+ fail(404, "File not found: #{Utils.escape_html(path_info)}")
end
end
Please sign in to comment.
Something went wrong with that request. Please try again.