source:
trunk/server/common/patches/rubygem-actionpack-2.3.x-CVE-2009-3009.patch
@
1339
Last change on this file since 1339 was 1329, checked in by mitchb, 15 years ago | |
---|---|
File size: 693 bytes |
-
actionpack/lib/action_view/helpers/tag_helper.rb
diff --git a/actionpack/lib/action_view/helpers/tag_helper.rb b/actionpack/lib/action_view/helpers/tag_helper.rb
index af8c4d5..db99a0e 100644
a b module ActionView 103 103 # escape_once("<< Accept & Checkout") 104 104 # # => "<< Accept & Checkout" 105 105 def escape_once(html) 106 html.to_s.gsub(/[\"><]|&(?!([a-zA-Z]+|(#\d+));)/) { |special| ERB::Util::HTML_ESCAPE[special] }106 ActiveSupport::Multibyte.clean(html.to_s).gsub(/[\"><]|&(?!([a-zA-Z]+|(#\d+));)/) { |special| ERB::Util::HTML_ESCAPE[special] } 107 107 end 108 108 109 109 private
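Review bot: The new line 106 of `escape_once` calls `ActiveSupport::Multibyte.clean`, which this 693-byte patch does not define, so it only works if the activesupport side of the fix is applied with it; on an activesupport without that method every call to `escape_once` would raise `NoMethodError`. The dependency and the reason for the call deserve a comment above the line, for example `# Strip malformed UTF-8 before escaping (CVE-2009-3009); requires ActiveSupport::Multibyte.clean from the matching activesupport patch`. Only `escape_once` is cleaned here, so it is worth confirming that the other escaping helpers in the tree receive the same treatment from the rest of the patch set, which this page does not show. Separately, the character class `[\"><]` leaves `'` unescaped, as it did before, so the result is presumably safe only in element content and double-quoted attribute values. The enclosing module starts and ends outside the hunk.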