mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00
rails--rails/actionview
Aaron Patterson 033a738817
Fix possible XSS vector in JS escape helper
This commit escapes dollar signs and backticks to prevent JS XSS issues
when using the `j` or `javascript_escape` helper

CVE-2020-5267
2020-03-19 09:48:08 -07:00
app/assets/javascripts update from PR #36222 2020-02-12 13:31:43 -05:00
bin Use frozen string literal in actionview/ 2017-07-24 11:53:43 +03:00
lib Fix possible XSS vector in JS escape helper 2020-03-19 09:48:08 -07:00
test Fix possible XSS vector in JS escape helper 2020-03-19 09:48:08 -07:00
.gitignore Clean up and consolidate .gitignores 2018-02-17 14:26:19 -08:00
actionview.gemspec Add bug tracker/documentation/mailing list URIs to the gemspecs 2019-10-11 20:47:19 -04:00
blade.yml
CHANGELOG.md Fix translate method with default: nil 2020-02-09 23:22:00 +01:00
coffeelint.json Test rails-ujs in our travis matrix 2017-02-22 13:49:28 -05:00
MIT-LICENSE Bump license years from 2019 to 2020 [ci skip] 2020-01-01 15:10:31 +05:30
package.json update package.json files to use https homepage value 2019-10-02 12:00:11 +02:00
Rakefile Load framework test files in deterministic order 2019-12-16 16:55:06 +00:00
README.rdoc Merge pull request #35559 from ashishprajapati/ashishprajapati/important_textual_improvements 2019-03-09 22:54:21 +01:00
RUNNING_UJS_TESTS.rdoc Fix typos and add a few suggestions 2017-11-28 19:27:43 +01:00
RUNNING_UNIT_TESTS.rdoc Fix typos and add a few suggestions 2017-11-28 19:27:43 +01:00

= Action View

Action View is a framework for handling view template lookup and rendering, and provides
view helpers that assist when building HTML forms, Atom feeds and more.
The template formats that Action View handles are ERB (embedded Ruby, typically
used to inline short Ruby snippets inside HTML) and XML Builder.

You can read more about Action View in the {Action View Overview}[https://edgeguides.rubyonrails.org/action_view_overview.html] guide.

== Download and installation

The latest version of Action View can be installed with RubyGems:

  $ gem install actionview

Source code can be downloaded as part of the Rails project on GitHub:

* https://github.com/rails/rails/tree/master/actionview


== License

Action View is released under the MIT license:

* https://opensource.org/licenses/MIT


== Support

API documentation is at

* https://api.rubyonrails.org

Bug reports for the Ruby on Rails project can be filed here:

* https://github.com/rails/rails/issues

Feature requests should be discussed on the rails-core mailing list here:

* https://groups.google.com/forum/?fromgroups#!forum/rubyonrails-core