This project is archived and is in readonly mode.

Changeset [e3dd2107c57a8efaaea5d61cf8da65f7444760b2] by Michael Koziarski

January 31st, 2011 @ 07:45 PM

Be sure to javascript_escape the email address to prevent apostrophes inadvertently causing javascript errors.

This fixes CVE-2011-0446
https://github.com/rails/rails/commit/e3dd2107c57a8efaaea5d61cf8da6...

Committed by Michael Koziarski

  • M actionpack/lib/action_view/helpers/url_helper.rb
  • M actionpack/test/template/url_helper_test.rb

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile »

<h2 style="font-size: 14px">Tickets have moved to Github</h2>

The new ticket tracker is available at <a href="https://github.com/rails/rails/issues">https://github.com/rails/rails/issues</a>