This project is archived and is in readonly mode.
wrong escaping of POST data
Reported by rbialek (at gmail) | December 11th, 2009 @ 03:54 PM
When submitting a form with text data containing "<" character in a text_area, the data are escaped incorrectly on the server side. Consequently the params received contain wrong data.
Example:
Post data: "A<B, C<D"
Received data: "A<D" rather than "A<B, C<D"
This issue is only present with < signs, and is probably
related to XSS filtering.
An option to disable escaping would be welcomed.
Comments and changes to this ticket
-
Rohit Arondekar October 7th, 2010 @ 11:59 AM
- State changed from “new” to “stale”
- Importance changed from “” to “Low”
Marking ticket as stale. If this is still an issue please leave a comment with suggested changes, creating a patch with tests, rebasing an existing patch or just confirming the issue on a latest release or master/branches.
-
csnk May 18th, 2011 @ 08:27 AM
We are the professional underwear manufacturer, underwear supplier, underwear factory, custom underwear.
Create your profile
Help contribute to this project by taking a few moments to create your personal profile. Create your profile »
<h2 style="font-size: 14px">Tickets have moved to Github</h2>
The new ticket tracker is available at <a href="https://github.com/rails/rails/issues">https://github.com/rails/rails/issues</a>
Jeremy Kemper
rbialek (at gmail)
Rohit Arondekar