kotovalexarian-likes-github/rails--rails
1
0
Fork 0
mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00
Code Releases Activity
rails--rails/actionview/test
History
Damien Burke ab5fb4f224 Don’t allow arbitrary data in back urls 
`link_to :back` creates a link to whatever was
passed in via the referer header. If an attacker
can alter the referer header, that would create
a cross-site scripting vulnerability on every
page that uses `link_to :back`

This commit restricts the back URL to valid
non-javascript URLs.

https://github.com/rails/rails/issues/14444
2015-11-03 17:20:48 -08:00
..
actionpack Delete needless require 'active_support/deprecation' 2015-10-20 20:02:59 +09:00
activerecord Fix calling cache helper with a relation 2015-08-28 17:26:09 +10:00
fixtures Tweaked wording used in some tests. 2015-10-25 08:57:50 +00:00
lib/controller Add tests to make sure label and placeholder respect to_model 2015-02-05 16:19:29 -02:00
template Don’t allow arbitrary data in back urls 2015-11-03 17:20:48 -08:00
tmp Add tmp dir in actionview/test/ 2013-08-05 01:24:14 +05:30
abstract_unit.rb mostly remove the ParamsParser middleware 2015-09-18 15:36:55 -07:00
active_record_unit.rb Closes rails/rails#18864: Renaming transactional fixtures to transactional tests 2015-03-16 11:35:44 -07:00