RailsSanitize.white_list_sanitizer.sanitize does not handle \ properly
Reported by Tietew | September 2nd, 2008 @ 06:26 AM
Sanitizing the following HTML gives a broken result.
<img src="backslash.png" alt="\" />
gives
<img src="backslash.png" alt="\" />">
The character "\" (backslash) in HTML (SGML/XML) attributes has no special meaning.
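An added illustration, not part of the ticket and not the Rails tokenizer's code: a minimal Ruby attribute scanner showing how treating backslash as an escape character mis-delimits the reported tag, while a scan that gives backslash no special meaning parses it cleanly. The helper names and the `backslash_escapes` switch are hypothetical.

```ruby
require "strscan"

# Constructed sample: the tag from the report (one literal backslash in alt).
SAMPLE = '<img src="backslash.png" alt="\\" />'

# Read a quoted attribute value; the scanner sits just past the opening quote.
# With backslash_escapes: true the scanner applies C-style escaping, which
# HTML does not define. Returns nil if the closing quote is never found.
def scan_quoted(scanner, quote, backslash_escapes:)
  value = +""
  until scanner.eos?
    ch = scanner.getch
    if ch == "\\" && backslash_escapes
      value << ch << scanner.getch.to_s # swallows the character after "\"
    elsif ch == quote
      return value
    else
      value << ch
    end
  end
  nil
end

# Parse the attributes of a single start tag into a Hash, or nil when the
# tag cannot be delimited (unterminated value or missing ">").
def attributes(tag, backslash_escapes:)
  s = StringScanner.new(tag)
  return nil unless s.scan(/<\w+/)
  attrs = {}
  while s.scan(/\s*([\w:-]+)\s*=\s*(["'])/)
    name = s[1]
    value = scan_quoted(s, s[2], backslash_escapes: backslash_escapes)
    return nil if value.nil?
    attrs[name] = value
  end
  s.scan(/\s*\/?>/) ? attrs : nil
end

p attributes(SAMPLE, backslash_escapes: false)
p attributes(SAMPLE, backslash_escapes: true)
```

A regression test for a sanitizer can assert that both readings agree on every input; any tag where they differ is one where the sanitizer and a browser would disagree about where an attribute ends.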
Comments and changes to this ticket
-
Tietew September 2nd, 2008 @ 06:37 AM
- Tag changed from 2.1, sanitize to 2.1, patch, sanitize
Attached patch will fix this problem.
-
Pratik December 20th, 2008 @ 05:40 PM
- Assigned user set to Pratik
- State changed from new to incomplete
Patch is missing tests. Also, could you please upload the patch using git-format-patch - http://rails.lighthouseapp.com/p...?
Thanks.
-
CancelProfileIsBroken August 4th, 2009 @ 05:20 PM
- Tag changed from 2.1, patch, sanitize to 2.1, bugmash, patch, sanitize
-
Mike Breen August 9th, 2009 @ 06:52 PM
- I've verified the behavior but this patch busts a lot of other tests.
-
Pratik August 9th, 2009 @ 06:54 PM
- State changed from incomplete to wontfix
-
CancelProfileIsBroken August 9th, 2009 @ 10:06 PM
- Assigned user cleared.
- Tag changed from 2.1, bugmash, patch, sanitize to 2.1, patch, sanitize
- Milestone cleared.