rails/actionview/app
Zack Deveau 8e3449908c Ignore certain data-* attributes in rails-ujs when element is contenteditable
There is a potential DOM-based cross-site scripting issue in rails-ujs
which leverages the Clipboard API to target HTML elements that are
assigned the contenteditable attribute. This has the potential to occur
when pasting malicious HTML content from the clipboard that includes
a data-method, data-disable-with or data-remote attribute.

[CVE-2023-23913]
2023-03-13 12:13:42 -07:00
assets/javascripts Convert rails-ujs to ES2015 modules 2022-07-07 21:52:08 -04:00
javascript Ignore certain data-* attributes in rails-ujs when element is contenteditable 2023-03-13 12:13:42 -07:00