bootstrap-helper icon indicating copy to clipboard operation
bootstrap-helper copied to clipboard
verified publisher icon xdite

[security] multiple html_safe XSS problem

Open dandai opened this issue 12 years ago • 1 comments

for example

https://github.com/xdite/bootstrap-helper/blob/master/lib/bootstrap_helper/breadcrumb.rb#L25

@breadcrumbs.push("#{title}".html_safe)

better to be

@breadcrumbs.push("#{title.html_safe}")

thanks!

dandai avatar Mar 22 '13 08:03 dandai

can you send a pull request ? Thanks!

xdite avatar Mar 22 '13 09:03 xdite