This project is archived and is in readonly mode.

#3559 ✓stale
Problem with XSS escape in select_* (e.g. select_month) helpers

Reported by Daniel Lopes | December 10th, 2009 @ 09:25 PM | in 2.3.10

I just tested the new Rails 2.3.5 with the rails_xss plugin and it fails in select_* helpers. For now I just tested select_month, select_year and select_day, but probably this behavior is the same in select_seconds and select_minutes.

The problem is rails_xss doesn't work like other XSS-proof helpers, and escapes the options and select HTML tags generated by these helpers.
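A simplified model of the symptom reported above, added here as an illustration and not taken from the ticket, Rails or the rails_xss plugin: output is escaped unless the string is flagged safe, so a helper that returns its markup as a plain string has its own tags escaped. `SafeString`, `render`, `month_select_plain` and `month_select_safe` are hypothetical names, and the month list is constructed sample data.

```ruby
# Toy model of escape-by-default output (assumption: simplified, not plugin code).
HTML_ESCAPES = { '&' => '&amp;', '<' => '&lt;', '>' => '&gt;', '"' => '&quot;' }.freeze

# Stands in for a string that has been flagged as safe to emit unescaped.
class SafeString < String
end

def escape_html(text)
  text.gsub(/[&<>"]/, HTML_ESCAPES)
end

# What the template layer does with the value of an output tag:
# flagged strings pass through, everything else is escaped.
def render(value)
  value.is_a?(SafeString) ? value.to_s : escape_html(value.to_s)
end

# Hypothetical helper shaped like select_month: it escapes the labels itself,
# builds the markup by concatenation and returns a plain String.
def month_select_plain(names)
  options = names.each_with_index.map do |name, index|
    %(<option value="#{index + 1}">#{escape_html(name)}</option>)
  end
  %(<select name="date[month]">#{options.join}</select>)
end

# Same markup, but flagged safe because the helper already escaped its data.
def month_select_safe(names)
  SafeString.new(month_select_plain(names))
end

# Constructed sample data; the second label contains markup on purpose.
SAMPLE_MONTHS = ['Jan', 'R&D <b>'].freeze

if __FILE__ == $PROGRAM_NAME
  puts 'plain helper result, as rendered:'
  puts render(month_select_plain(SAMPLE_MONTHS))
  puts 'flagged helper result, as rendered:'
  puts render(month_select_safe(SAMPLE_MONTHS))
end
```

In the flagged case the label is still escaped exactly once, so marking the helper's result safe does not let untrusted label text through as markup.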

Tickets have moved to GitHub

The new ticket tracker is available at https://github.com/rails/rails/issues
