
sanitize after auto_link - #13 XSS vulnerability

1 parent a9cd403 commit be5ad894830f577e4e96f13dc7414b6462e74d1d @homakov homakov committed May 24, 2012
Showing with 2 additions and 2 deletions.
  1. +2 −2 lib/rails_autolink/helpers.rb
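--- a/lib/rails_autolink/helpers.rb
+++ b/lib/rails_autolink/helpers.rb
@@ -60,12 +60,12 @@ def auto_link(text, *args, &block)#link = :all, html = {}, &block)
 options.reverse_merge!(:link => :all, :html => {})
 sanitize = (options[:sanitize] != false)
 sanitize_options = options[:sanitize_options] || {}
-text = conditional_sanitize(text, sanitize, sanitize_options).to_str
-case options[:link].to_sym
+text = case options[:link].to_sym
 when :all then conditional_html_safe(auto_link_email_addresses(auto_link_urls(text, options[:html], options, &block), options[:html], &block), sanitize)
 when :email_addresses then conditional_html_safe(auto_link_email_addresses(text, options[:html], &block), sanitize)
 when :urls then conditional_html_safe(auto_link_urls(text, options[:html], options, &block), sanitize)
 end
+conditional_sanitize(text, sanitize, sanitize_options).to_str
 end
 private
 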
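Review bot: The trailing `.to_str` on the new final line discards the html_safe marking that `conditional_html_safe` applies inside the `case` (the `when :all` / `:email_addresses` / `:urls` lines), so if `conditional_sanitize` wraps Rails' `sanitize` (its body is outside this hunk) the helper now returns a plain String whenever sanitizing is on, and ERB will escape the generated `<a>` tags on output. Before this change the html_safe call was the last step, so the return value was safe-marked. Consider re-applying the marking after sanitizing: `conditional_html_safe(conditional_sanitize(text, sanitize, sanitize_options).to_str, sanitize)`. Note also that with this ordering the defence against `javascript:`-style hrefs rests entirely on the sanitizer's protocol allow-list, so callers passing `:sanitize => false` get no protection on the generated href; a comment above the `case` stating that would help future readers. The enclosing `auto_link` method starts outside the hunk.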