Clean tag attributes before passing through the escape_once logic.

Addresses CVE-2009-3009

Clean tag attributes before passing through the escape_once logic.
Addresses CVE-2009-3009
b16e0c92 · Michael Koziarski · 9a73630d · b16e0c92
隐藏空白更改
内联并排

Showing with 1 addition and 1 deletion

actionpack/lib/action_view/helpers/tag_helper.rb actionpack/lib/action_view/helpers/tag_helper.rb +1 -1

未找到文件。
--- a/actionpack/lib/action_view/helpers/tag_helper.rb
+++ b/actionpack/lib/action_view/helpers/tag_helper.rb
@@ -106,7 +106,7 @@ def cdata_section(content)
      #   escape_once("&lt;&lt; Accept & Checkout")
      #   # => "&lt;&lt; Accept &amp; Checkout"
      def escape_once(html)
-        html.to_s.gsub(/[\"><]|&(?!([a-zA-Z]+|(#\d+));)/) { |special| ERB::Util::HTML_ESCAPE[special] }
+        ActiveSupport::Multibyte.clean(html.to_s).gsub(/[\"><]|&(?!([a-zA-Z]+|(#\d+));)/) { |special| ERB::Util::HTML_ESCAPE[special] }
      end

      private