mirrors
/
rails
mirror of https://github.com/rails/rails
8
0
Fork 0
Code Issues Projects Releases Wiki Activity
rails/actiontext/app
History
Zack Deveau e215bf3360
Sanitize ActionText HTML ContentAttachment in Trix edit view 
[CVE-2024-32464]
Instances of ActionText::Attachable::ContentAttachment included
within a rich_text_area tag could potentially contain unsanitized
HTML. This could lead to a potential cross site scripting issue
within the Trix editor.

This change enforces existing sanitization routines on
ActionText::Attachable::ContentAttachment attachments.
 		2024-06-04 10:08:12 -07:00
..
assets Depend on activestorage 8.0.0-alpha 2024-05-31 23:04:54 +00:00
helpers/action_text Sanitize ActionText HTML ContentAttachment in Trix edit view 2024-06-04 10:08:12 -07:00
javascript/actiontext Revert #38957 (#44287) 2022-01-29 14:27:45 +01:00
models/action_text Action Text documentation in now in Markdown 2024-01-25 20:47:14 +00:00
views update ContentAttachment so that it works with "content" attributes 2022-08-02 15:08:16 -06:00