Last change on this file since 1339 was 1329, checked in by mitchb, 15 years ago

Scriptsify activesupport and actionpack ruby gems, patch for CVE-2009-3009

File size: 693 bytes

Rev | Line | |
---|
[1329] | 1 | diff --git a/actionpack/lib/action_view/helpers/tag_helper.rb b/actionpack/lib/action_view/helpers/tag_helper.rb |
---|
| 2 | index af8c4d5..db99a0e 100644 |
---|
| 3 | --- a/actionpack/lib/action_view/helpers/tag_helper.rb |
---|
| 4 | +++ b/actionpack/lib/action_view/helpers/tag_helper.rb |
---|
| 5 | @@ -103,7 +103,7 @@ module ActionView |
---|
| 6 | # escape_once("<< Accept & Checkout") |
---|
| 7 | # # => "<< Accept & Checkout" |
---|
| 8 | def escape_once(html) |
---|
| 9 | - html.to_s.gsub(/[\"><]|&(?!([a-zA-Z]+|(#\d+));)/) { |special| ERB::Util::HTML_ESCAPE[special] } |
---|
| 10 | + ActiveSupport::Multibyte.clean(html.to_s).gsub(/[\"><]|&(?!([a-zA-Z]+|(#\d+));)/) { |special| ERB::Util::HTML_ESCAPE[special] } |
---|
| 11 | end |
---|
| 12 | |
---|
| 13 | private |
---|
| 14 | |
---|
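Review bot: the replacement line in escape_once calls ActiveSupport::Multibyte.clean, which this diff neither defines nor requires, so a patched actionpack paired with an activesupport that lacks that method would fail with NoMethodError on the first escape_once call. The commit message names both gems, so confirm the activesupport patch always ships in the same revision, or guard the call with a respond_to? check. The doc comment above the method still describes only entity escaping; add a line saying the input is passed through Multibyte.clean before the gsub. A regression test that feeds escape_once a string containing an invalid byte sequence would pin the fix for CVE-2009-3009.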