This project is archived and is in readonly mode.

#3562 ✓stale
rbialek (at gmail)

wrong escaping of POST data

Reported by rbialek (at gmail) | December 11th, 2009 @ 03:54 PM

When submitting a form with text data containing "<" character in a text_area, the data are escaped incorrectly on the server side. Consequently the params received contain wrong data.

Example:
Post data: "A<B, C<D"
Received data: "A<D" rather than "A<B, C<D"

This issue is only present with < signs, and is probably related to XSS filtering.
An option to disable escaping would be welcomed.

Comments and changes to this ticket

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile »

<h2 style="font-size: 14px">Tickets have moved to Github</h2>

The new ticket tracker is available at <a href="https://github.com/rails/rails/issues">https://github.com/rails/rails/issues</a>

Pages