mirror of
https://github.com/rails/rails.git
synced 2022-11-09 12:12:34 -05:00
33cb47ee48
Before we were calling to_sym in the mime type, even when it is unknown what can cause denial of service since symbols are not removed by the garbage collector. Fixes: CVE-2014-0082
34 lines
607 B
Ruby
34 lines
607 B
Ruby
module ActionView #:nodoc:
|
|
# = Action View HTML Template
|
|
class Template
|
|
class HTML #:nodoc:
|
|
attr_accessor :type
|
|
|
|
def initialize(string, type = nil)
|
|
@string = string.to_s
|
|
@type = Types[type] || type if type
|
|
@type ||= Types[:html]
|
|
end
|
|
|
|
def identifier
|
|
'html template'
|
|
end
|
|
|
|
def inspect
|
|
'html template'
|
|
end
|
|
|
|
def to_str
|
|
ERB::Util.h(@string)
|
|
end
|
|
|
|
def render(*args)
|
|
to_str
|
|
end
|
|
|
|
def formats
|
|
[@type.respond_to?(:ref) ? @type.ref : @type.to_s]
|
|
end
|
|
end
|
|
end
|
|
end
|