vanderhoorn
vanderhoorn
/ rails-2-3-14-select_options.rb
Created
March 23, 2012 20:05
Monkey patch for the "XSS Vulnerability in the select helper"
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # A Rails 2.3.14 monkey patch for the "XSS Vulnerability in the select helper", as reported in: | |
| # http://groups.google.com/group/rubyonrails-security/browse_thread/thread/9da0c515a6c4664 | |
| # | |
| module ActionView | |
| module Helpers | |
| class InstanceTag #:nodoc: | |
| private | |
| def add_options(option_tags, options, value = nil) | |
| if options[:include_blank] |
vanderhoorn
/ rails-arel-update_all-bug.rb
Created
February 5, 2014 14:34
Test for Arel bug in https://github.com/rails/arel/pull/243
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| gem 'rails', '4.0.2' | |
| require 'active_record' | |
| require 'logger' | |
| # Print out what version we're running | |
| # 4.0.2 | |
| puts "Active Record #{ActiveRecord::VERSION::STRING}" | |
| # 4.0.1 | |
| puts "Arel #{Arel::VERSION}" |