rails/actiontext/app/helpers/action_text
Zack Deveau e215bf3360
Sanitize ActionText HTML ContentAttachment in Trix edit view
[CVE-2024-32464]
Instances of ActionText::Attachable::ContentAttachment included
within a rich_text_area tag could potentially contain unsanitized
HTML. This could lead to a potential cross site scripting issue
within the Trix editor.

This change enforces existing sanitization routines on
ActionText::Attachable::ContentAttachment attachments.
2024-06-04 10:08:12 -07:00
content_helper.rb Sanitize ActionText HTML ContentAttachment in Trix edit view 2024-06-04 10:08:12 -07:00
tag_helper.rb ./tools/rdoc-to-md --only=actiontext -a 2024-01-24 19:08:44 -05:00