vanderhoorn/2174434
Created March 23, 2012 20:05
Monkey patch for the "XSS Vulnerability in the select helper"
```ruby
# A Rails 2.3.14 monkey patch for the "XSS Vulnerability in the select helper", as reported in:
# http://groups.google.com/group/rubyonrails-security/browse_thread/thread/9da0c515a6c4664
#
module ActionView
  module Helpers
    class InstanceTag #:nodoc:
      private
        def add_options(option_tags, options, value = nil)
          # Prepend a blank option; a String :include_blank becomes its label.
          if options[:include_blank]
            option_tags = content_tag('option', options[:include_blank].kind_of?(String) ? options[:include_blank] : nil, :value => '') + "\n" + option_tags
          end
          # Prepend a prompt option only when no value is currently selected.
          if value.blank? && options[:prompt]
            prompt = options[:prompt].kind_of?(String) ? options[:prompt] : I18n.translate('support.select.prompt', :default => 'Please select')
            option_tags = content_tag('option', prompt, :value => '') + "\n" + option_tags
          end
          option_tags
        end
    end
  end
end
```
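The following is an added example, not part of the gist or of Rails: a framework-free sketch of the regression check a reviewer would want for this patch, comparing an option label that is interpolated into the markup with one that goes through an escaping tag builder. `INTERPOLATING` is a constructed "before" form, `ESCAPING` is a hypothetical stand-in that assumes `content_tag` HTML-escapes its content, and `add_options_with`, `label_rendered_as_markup?` and `SAMPLE_LABEL` are illustrative names.

```ruby
require 'erb'

# Constructed sample label standing in for attacker-influenced text.
SAMPLE_LABEL = '<script>alert(1)</script>'

# Constructed "before" form: the label is interpolated into the markup as-is.
INTERPOLATING = lambda { |label| "<option value=\"\">#{label}</option>" }

# Hypothetical stand-in for content_tag; ASSUMES the helper HTML-escapes its
# content, which this sketch does explicitly with ERB::Util.
ESCAPING = lambda do |label|
  "<option value=\"\">#{ERB::Util.html_escape(label.to_s)}</option>"
end

# Same control flow as the patched add_options, with the option builder
# passed in and Rails-only calls (blank?, I18n) replaced by plain Ruby.
def add_options_with(builder, option_tags, options, value = nil)
  if options[:include_blank]
    label = options[:include_blank].kind_of?(String) ? options[:include_blank] : nil
    option_tags = builder.call(label) + "\n" + option_tags
  end
  if (value.nil? || value.to_s.strip.empty?) && options[:prompt]
    prompt = options[:prompt].kind_of?(String) ? options[:prompt] : 'Please select'
    option_tags = builder.call(prompt) + "\n" + option_tags
  end
  option_tags
end

# Regression check: true when the label reached the output as live markup.
def label_rendered_as_markup?(html, label = SAMPLE_LABEL)
  html.include?(label)
end

if __FILE__ == $PROGRAM_NAME
  existing = "<option value=\"1\">One</option>"
  [[:interpolating, INTERPOLATING], [:escaping, ESCAPING]].each do |name, builder|
    html = add_options_with(builder, existing, { :prompt => SAMPLE_LABEL })
    puts "#{name}: markup injected? #{label_rendered_as_markup?(html)}"
  end
end
```

In a real application the same assertion belongs in a view or helper test that renders `select` with a `:prompt` or `:include_blank` string containing markup and checks the generated HTML.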