Clean tag attributes before passing through the escape_once logic.

Addresses CVE-2009-3009
commit 9a68c72b4bd9073d6405f69791d9348ab26d8415 1 parent 07c6938
Michael Koziarski NZKoz authored

Showing 1 changed file with 1 addition and 1 deletion.

actionpack/lib/action_view/helpers/tag_helper.rb
@@ -103,7 +103,7 @@ def cdata_section(content)
103 103 # escape_once("<< Accept & Checkout")
104 104 # # => "<< Accept & Checkout"
105 105 def escape_once(html)
106   - html.to_s.gsub(/[\"><]|&(?!([a-zA-Z]+|(#\d+));)/) { |special| ERB::Util::HTML_ESCAPE[special] }
  106 + ActiveSupport::Multibyte.clean(html.to_s).gsub(/[\"><]|&(?!([a-zA-Z]+|(#\d+));)/) { |special| ERB::Util::HTML_ESCAPE[special] }
107 107 end
108 108
109 109 private
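Review bot: The rationale for the one-line change at 106 is missing from both the hunk and the method's doc comment at 103-104; `ActiveSupport::Multibyte.clean` runs on `html.to_s` before the `gsub`, so that a malformed multibyte sequence cannot swallow or disguise a `<`, `>`, `"` or `&` that the character class `[\"><]|&(?!...)` is meant to catch, and a reader of this method should not have to find CVE-2009-3009 to learn that. Suggest extending the comment above `def escape_once(html)` with one line such as `# Invalid multibyte sequences are stripped before escaping`, and adding a regression test that feeds `escape_once` a string containing an invalid byte sequence followed by `<script>` and asserts the `<` is escaped. The commit message speaks of "tag attributes" while the fix lands in `escape_once` itself, so every caller of the helper gets the cleaning; the message or the doc comment should say so, since that is the behaviour the next maintainer will rely on.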
