Merge pull request from GHSA-cfjv-5498-mph5

Browse Source

Prior to this commit, when a translation key indicated that the
translation text was HTML, the value returned by `I18n.translate` would
always be marked as `html_safe`.  However, the value returned by
`I18n.translate` could be an untrusted value directly from
`options[:default]`.

This commit ensures values directly from `options[:default]` are not
marked as `html_safe`.

...

This commit is contained in:

Jonathan Hefner 2020-09-09 13:44:14 -05:00 committed by GitHub

parent 18ded3a741

commit 1b58c536ab

No known key found for this signature in database

GPG Key ID: 4AEE18F83AFDEB23

Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL

Show Stats Download Patch File Download Diff File Expand all files Collapse all files

Diff Content Not Available