rails--rails

History

Alvaro Martin Fraguas 649516ce0f Fix and add protections for XSS in names. Add the method ERB::Util.xml_name_escape to escape dangerous characters in names of tags and names of attributes, following the specification of XML. Use that method in the tag helpers of ActionView::Helpers. Rename the option :escape_attributes to :escape, to simplify by applying the option to the whole tag.	2022-04-26 12:34:42 -07:00
..
action_view	Fix and add protections for XSS in names.	2022-04-26 12:34:42 -07:00
action_view.rb	Bump license years to 2022 [ci-skip]	2022-01-01 15:22:15 +09:00

Alvaro Martin Fraguas 649516ce0f

Fix and add protections for XSS in names.

Add the method ERB::Util.xml_name_escape to escape dangerous characters
in names of tags and names of attributes, following the specification of
XML.

Use that method in the tag helpers of ActionView::Helpers. Rename the option
:escape_attributes to :escape, to simplify by applying the option to the whole
tag.

2022-04-26 12:34:42 -07:00

action_view

Fix and add protections for XSS in names.

2022-04-26 12:34:42 -07:00

action_view.rb

Bump license years to 2022 [ci-skip]

2022-01-01 15:22:15 +09:00