Attachment 831793 Details for Bug 1036914 – Upstream patch for 4.0.x

[patch] Upstream patch for 4.0.x

4-0-simple_format_xss.patch (text/plain), 1.11 KB, created by Tomas Hoger on 2013-12-02 21:49:45 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Tomas Hoger

Created: 2013-12-02 21:49:45 UTC

Size: 1.11 KB

patch

obsolete

>From 97b811b7f8d3750635bea7e4f816d1ad71b5f9a1 Mon Sep 17 00:00:00 2001
>From: Michael Koziarski <michael@koziarski.com>
>Date: Tue, 19 Nov 2013 09:00:08 +1300
>Subject: [PATCH] Ensure simple_format escapes its html attributes
>
>The previous behavior equated the sanitize option for simple_format with the
>escape option of content_tag, however these are two distinct concepts.
>
>This fixes CVE-2013-6416
>---
> actionpack/lib/action_view/helpers/text_helper.rb | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
>diff --git a/actionpack/lib/action_view/helpers/text_helper.rb b/actionpack/lib/action_view/helpers/text_helper.rb
>index 2ed825e..285d27d 100644
>--- a/actionpack/lib/action_view/helpers/text_helper.rb
>+++ b/actionpack/lib/action_view/helpers/text_helper.rb
>@@ -266,7 +266,7 @@ module ActionView
>           content_tag(wrapper_tag, nil, html_options)
>         else
>           paragraphs.map { |paragraph|
>-            content_tag(wrapper_tag, paragraph, html_options, options[:sanitize])
>+            content_tag(wrapper_tag, raw(paragraph), html_options)
>           }.join("\n\n").html_safe
>         end
>       end
>-- 
>1.8.3.4
>

Actions: View | Diff

Attachments on bug 1036914: 831793