Displaying 1 result from an estimated 1 matches for "serialize_roots".
2010 Feb 02
0
[Security] Loofah has an HTML injection / XSS vulnerability, please upgrade to 0.4.6
...8,10 +26,11 @@ module Loofah
alias :serialize :to_s
#
- # Returns a plain-text version of the markup contained by the
fragment
+ # Returns a plain-text version of the markup contained by the
fragment,
+ # with HTML entities encoded.
#
def text
- serialize_roots.children.inner_text
+ encode_special_chars serialize_roots.children.inner_text
end
alias :inner_text :text
alias :to_str :text