[security] multiple html_safe XSS problem #27

Open
dandai opened this Issue · 1 comment

2 participants

@dandai

For example:

https://github.com/xdite/bootstrap-helper/blob/master/lib/bootstrap_helper/breadcrumb.rb#L25

@breadcrumbs.push("#{title}".html_safe)

Better to be:

@breadcrumbs.push("#{title.html_safe}")

Thanks!

@xdite
Owner

Can you send a pull request? Thanks!
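The difference between the two lines quoted in the issue, as an added example that is not part of this thread or of bootstrap-helper: it shows which form leaves a title flagged as trusted and which form lets the view escape it. `SafeString`, `render`, `breadcrumb_flagged` and `breadcrumb_plain` are hypothetical names, and `SafeString` is a simplified stdlib-only stand-in for Rails' `ActiveSupport::SafeBuffer`.

```ruby
require "erb"

# Simplified model (assumption): only the "safe" flag of
# ActiveSupport::SafeBuffer is modelled, nothing else from Rails.
class SafeString < String
  def html_safe?
    true
  end
end

class String
  def html_safe?
    false
  end

  # Like Rails' String#html_safe: flags the string as trusted, escapes nothing.
  def html_safe
    SafeString.new(self)
  end
end

# What a view does for <%= value %>: escape unless the value is flagged safe.
def render(value)
  value.html_safe? ? value.to_s : ERB::Util.html_escape(value)
end

# Pattern at breadcrumb.rb#L25: the whole interpolated string is flagged
# safe, so markup in the title reaches the page unescaped.
def breadcrumb_flagged(title)
  "#{title}".html_safe
end

# Pattern proposed in the issue: interpolation returns a plain String,
# the flag is dropped, and the view escapes the value on output.
def breadcrumb_plain(title)
  "#{title.html_safe}"
end

# Constructed sample input: a title that contains markup.
TITLE = "<script>alert(1)</script>"

if __FILE__ == $PROGRAM_NAME
  puts render(breadcrumb_flagged(TITLE))
  puts render(breadcrumb_plain(TITLE))
end
```
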
