Blame SOURCES/rubygem-actionview-4.2.7.1-CVE-2016-6316-attribute-xss.patch

e78d6c
diff --git a/actionview/lib/action_view/helpers/tag_helper.rb b/actionview/lib/action_view/helpers/tag_helper.rb
e78d6c
index b203857..f09595d 100644
e78d6c
--- a/actionview/lib/action_view/helpers/tag_helper.rb
e78d6c
+++ b/actionview/lib/action_view/helpers/tag_helper.rb
e78d6c
@@ -181,7 +181,7 @@ def tag_option(key, value, escape)
e78d6c
           else
e78d6c
             value = escape ? ERB::Util.unwrapped_html_escape(value) : value
e78d6c
           end
e78d6c
-          %(#{key}="#{value}")
e78d6c
+          %(#{key}="#{value.gsub(/"/, '"'.freeze)}")
e78d6c
         end
e78d6c
     end
e78d6c
   end
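Review bot: On the added line the replacement string reads `'"'`, so `value.gsub(/"/, '"'.freeze)` swaps a double quote for itself and a value containing `"` can still close the attribute early; the replacement has to be the entity, `value.gsub(/"/, '&quot;'.freeze)`. This is probably the page decoding `&quot;` when it rendered the patch, so the stored patch file should be compared byte-for-byte with the upstream fix before the package is built. Separately, when `escape` is false the context line above leaves `value` unchanged, so a non-String argument (an Integer or Symbol, say) would now raise NoMethodError on `.gsub`; `value.to_s.gsub(...)` avoids that. The start of `tag_option` lies outside the hunk, so what the branch before the `else` assigns to `value` is not visible here.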