[security] multiple html_safe XSS problem #27

dandai opened this Issue Mar 22, 2013 · 1 comment


@dandai

for example

https://github.com/xdite/bootstrap-helper/blob/master/lib/bootstrap_helper/breadcrumb.rb#L25

@breadcrumbs.push("#{title}".html_safe)

better to be

@breadcrumbs.push("#{title.html_safe}")

thanks!
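To show why the reported pattern matters, here is an added example (not code from bootstrap-helper or from the reporter): a caller-supplied crumb title interpolated into markup that is then marked html_safe, beside the escaped-first version. SafeString is a constructed stand-in for ActiveSupport::SafeBuffer so the snippet runs without Rails, and the helper names are hypothetical.

```ruby
require "erb"

# Constructed stand-in for Rails' SafeBuffer: a String that reports itself as
# already escaped, so the view layer would emit it verbatim.
class SafeString < String
  def html_safe?
    true
  end
end

# Vulnerable pattern from the report: the whole interpolated string is marked
# html_safe, so a title containing markup is emitted without escaping.
def breadcrumb_link_unsafe(title, url)
  SafeString.new(%(<li><a href="#{url}">#{title}</a></li>))
end

# Hardened version: escape each untrusted piece with ERB::Util.html_escape
# first, then mark only the assembled, trusted markup as safe.
def breadcrumb_link_safe(title, url)
  SafeString.new(%(<li><a href="#{ERB::Util.html_escape(url)}">#{ERB::Util.html_escape(title)}</a></li>))
end

# Render a crumb trail the way a view helper would, picking one of the two helpers.
def render_breadcrumbs(crumbs, safe: true)
  crumbs.map { |title, url| safe ? breadcrumb_link_safe(title, url) : breadcrumb_link_unsafe(title, url) }.join
end

# Review check: does the rendered output still contain a raw tag taken from input?
def leaks_markup?(rendered, tag)
  rendered.include?(tag)
end

if __FILE__ == $0
  crumbs = [["Home", "/"], ["<script>alert(1)</script>", "/x"]] # constructed titles
  puts render_breadcrumbs(crumbs, safe: false) # tag survives untouched
  puts render_breadcrumbs(crumbs, safe: true)  # tag is escaped as &lt;script&gt;
end
```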

@xdite
Owner

can you send a pull request ? Thanks!
