rails

History

Zack Deveau e215bf3360 Sanitize ActionText HTML ContentAttachment in Trix edit view [CVE-2024-32464] Instances of ActionText::Attachable::ContentAttachment included within a rich_text_area tag could potentially contain unsanitized HTML. This could lead to a potential cross site scripting issue within the Trix editor. This change enforces existing sanitization routines on ActionText::Attachable::ContentAttachment attachments.	2024-06-04 10:08:12 -07:00
..
action_text	Sanitize ActionText HTML ContentAttachment in Trix edit view	2024-06-04 10:08:12 -07:00

Sanitize ActionText HTML ContentAttachment in Trix edit view

[CVE-2024-32464]
Instances of ActionText::Attachable::ContentAttachment included
within a rich_text_area tag could potentially contain unsanitized
HTML. This could lead to a potential cross site scripting issue
within the Trix editor.

This change enforces existing sanitization routines on
ActionText::Attachable::ContentAttachment attachments.

2024-06-04 10:08:12 -07:00

action_text

Sanitize ActionText HTML ContentAttachment in Trix edit view

2024-06-04 10:08:12 -07:00