|
Last change
on this file since 1334 was
1329,
checked in by mitchb, 15 years ago
|
|
Scriptsify activesupport and actionpack ruby gems, patch for CVE-2009-3009
|
|
File size:
693 bytes
|
| Rev | Line | |
|---|
| [1329] | 1 | diff --git a/actionpack/lib/action_view/helpers/tag_helper.rb b/actionpack/lib/action_view/helpers/tag_helper.rb |
|---|
| 2 | index af8c4d5..db99a0e 100644 |
|---|
| 3 | --- a/actionpack/lib/action_view/helpers/tag_helper.rb |
|---|
| 4 | +++ b/actionpack/lib/action_view/helpers/tag_helper.rb |
|---|
| 5 | @@ -103,7 +103,7 @@ module ActionView |
|---|
| 6 | # escape_once("<< Accept & Checkout") |
|---|
| 7 | # # => "<< Accept & Checkout" |
|---|
| 8 | def escape_once(html) |
|---|
| 9 | - html.to_s.gsub(/[\"><]|&(?!([a-zA-Z]+|(#\d+));)/) { |special| ERB::Util::HTML_ESCAPE[special] } |
|---|
| 10 | + ActiveSupport::Multibyte.clean(html.to_s).gsub(/[\"><]|&(?!([a-zA-Z]+|(#\d+));)/) { |special| ERB::Util::HTML_ESCAPE[special] } |
|---|
| 11 | end |
|---|
| 12 | |
|---|
| 13 | private |
|---|
| 14 | |
|---|
Note: See
TracBrowser
for help on using the repository browser.
