From 9af2823b32e001358babde7644e5cc1c0ec29d6e Mon Sep 17 00:00:00 2001
From: Michael Koziarski <michael@koziarski.com>
Date: Mon, 31 Aug 2009 12:07:30 -0700
Subject: [PATCH] Clean tag attributes before passing through the escape_once logic.
Addresses CVE-2009-3009
---
actionpack/lib/action_view/helpers/tag_helper.rb | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/actionpack/lib/action_view/helpers/tag_helper.rb b/actionpack/lib/action_view/helpers/tag_helper.rb
index ba43b5e..623b8f7 100644
--- a/actionpack/lib/action_view/helpers/tag_helper.rb
+++ b/actionpack/lib/action_view/helpers/tag_helper.rb
@@ -101,7 +101,7 @@ module ActionView
# escape_once("<< Accept & Checkout")
# # => "<< Accept & Checkout"
def escape_once(html)
- html.to_s.gsub(/[\"><]|&(?!([a-zA-Z]+|(#\d+));)/) { |special| ERB::Util::HTML_ESCAPE[special] }
+ ActiveSupport::Multibyte.clean(html.to_s).gsub(/[\"><]|&(?!([a-zA-Z]+|(#\d+));)/) { |special| ERB::Util::HTML_ESCAPE[special] }
end
private
--
1.6.0.1