New XSS protections breaks yaml
Reported by Mathieu Arnold | December 2nd, 2009 @ 02:17 PM | in 2.3.6
This is correct:
>> ('foo' + 'baar').to_yaml
=> "--- foobaar\n"
This, on the other hand, feels way wrong:
>> ('foo' << 'baar').to_yaml
=> "--- !str \nstr: foobaar\n\"@_rails_html_safe\": false\n"
Comments and changes to this ticket
Santiago Pastorino April 22nd, 2010 @ 10:32 PM
- Milestone set to 2.3.6
- State changed from new to open
- Assigned user set to Michael Koziarski
Repository April 22nd, 2010 @ 10:35 PM
- State changed from open to committed
(from [c401102a2702f9b945803e66d3a25b77d882ee13]) Is not necessary to have @_rails_html_safe instance var when the string is unsafe, also it breaks to_yaml [#3535 state:committed] http://github.com/rails/rails/commit/c401102a2702f9b945803e66d3a25b...
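Added example, not part of the ticket and not Rails source: a simplified Ruby model of why `<<` left the flag on the string while `+` did not, and of the change the commit message describes. The module and class names are hypothetical; only `@_rails_html_safe` comes from the ticket, and the model assumes a missing flag is treated as unsafe.

```ruby
# Simplified model, not Rails source: SafetyFlag, FlagAlways and
# FlagOnlyWhenSafe are hypothetical; only @_rails_html_safe is from the ticket.
module SafetyFlag
  def self.safe?(obj)
    obj.respond_to?(:html_safe?) && obj.html_safe?
  end

  # A missing flag reads as unsafe, so dropping it never marks a string safe.
  def html_safe?
    @_rails_html_safe ? true : false
  end

  def html_safe!
    @_rails_html_safe = true
    self
  end

  # `+` builds a new object, flagged only when both operands are safe.
  def +(other)
    result = self.class.new(super)
    html_safe? && SafetyFlag.safe?(other) ? result.html_safe! : result
  end

  # `<<` mutates the receiver, so an unsafe append must clear its flag.
  def <<(other)
    keep = html_safe? && SafetyFlag.safe?(other)
    super
    clear_flag unless keep
    self
  end
end

class FlagAlways < String        # behaviour the ticket reports
  include SafetyFlag
  def clear_flag
    @_rails_html_safe = false
  end
end

class FlagOnlyWhenSafe < String  # behaviour the commit message describes
  include SafetyFlag
  def clear_flag
    remove_instance_variable(:@_rails_html_safe) if instance_variable_defined?(:@_rails_html_safe)
  end
end

# Instance variables an object-dumping serializer would find after 'foo' << 'baar'.
def state_after_append(klass)
  (klass.new('foo') << 'baar').instance_variables
end

puts state_after_append(FlagAlways).inspect
puts state_after_append(FlagOnlyWhenSafe).inspect
```

In both variants an unsafe append to a safe string ends with `html_safe?` returning false; the second variant simply leaves no extra state behind for a serializer to emit.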
Referenced by
- 3545 @_rails_html_safe clutters up YAML duplicates #3535