2010 Feb 02
[Security] Loofah has an HTML injection / XSS vulnerability, please upgrade to 0.4.6
...nd Loofah::HTML::DocumentFragment#text now
escape HTML entities.
Bug fixes:
* Loofah::XssFoliate was not properly escaping HTML entities when
implicitly scrubbing a string attribute. GH #17
Patch
----------
diff --git a/lib/loofah/html/document.rb b/lib/loofah/html/document.rb
index 30b8b9f..b7ffa20 100644
--- a/lib/loofah/html/document.rb
+++ b/lib/loofah/html/document.rb
@@ -10,10 +10,11 @@ module Loofah
include Loofah::DocumentDecorator
#
- # Returns a plain-text version of the markup contained by the
document
+ # Returns a plain-text version of the markup contain...
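Review bot: the reworded doc comment at the top of this hunk in lib/loofah/html/document.rb should say explicitly that the returned plain text has its HTML entities escaped, because the release notes above state that #text now escapes them and that is a behaviour change for existing callers. A caller that already escapes the result before rendering would now double-escape it, while one that relied on getting raw text needs to know the contract changed. The hunk is cut off after the comment line, so the code that performs the escaping is not visible here and should be checked in the full patch, along with a test covering a string that contains `<`, `>` and `&`.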