mirror of https://github.com/rails/rails
ab5fb4f224
`link_to :back` creates a link to whatever was passed in via the referer header. If an attacker can alter the referer header, that would create a cross-site scripting vulnerability on every page that uses `link_to :back`. This commit restricts the back URL to valid non-javascript URLs. https://github.com/rails/rails/issues/14444
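The kind of check the commit message describes, as an added Ruby example that is not the Rails implementation: a Referer value is used for the back link only if it is an absolute http/https URL with a host or a path-relative URL, and anything else (including `javascript:` URLs) is replaced by a fixed fallback that the attacker cannot influence. The helper names `safe_back_url?` and `back_url_for` are assumptions.

```ruby
require "uri"

# Fixed fallback used when the referer is missing or unsafe. Because it is a
# constant string rather than request-controlled input, it cannot carry an
# attacker's payload into the href.
SAFE_BACK_FALLBACK = "javascript:history.back()".freeze

# Returns true only for referer values that are safe to echo into an href:
# absolute http/https URLs with a host, or path-relative URLs ("/posts/1").
# Everything else (javascript:, data:, scheme-relative //host, unparseable
# input) is rejected.
def safe_back_url?(referer)
  return false if referer.nil? || referer.strip.empty?

  uri = URI.parse(referer)
  if uri.scheme
    # Scheme present: allow only http/https, case-insensitively, with a host.
    %w[http https].include?(uri.scheme.downcase) && !uri.host.to_s.empty?
  else
    # No scheme: accept a same-origin path, but not "//evil.example" which
    # browsers treat as scheme-relative and would send the user off-site.
    referer.start_with?("/") && !referer.start_with?("//")
  end
rescue URI::InvalidURIError
  false
end

# Chooses the href for a back link: the referer when it passes the check,
# otherwise the fixed fallback.
def back_url_for(referer)
  safe_back_url?(referer) ? referer : SAFE_BACK_FALLBACK
end

if $PROGRAM_NAME == __FILE__
  # Constructed sample Referer values (not taken from any real request).
  ["https://example.com/posts", "/posts?page=2", "javascript:alert(1)", "//evil.example/"].each do |ref|
    puts "#{ref.inspect} -> #{back_url_for(ref)}"
  end
end
```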
README.rdoc
= Action View

Action View is a framework for handling view template lookup and rendering, and provides view helpers that assist when building HTML forms, Atom feeds and more. Template formats that Action View handles are ERB (embedded Ruby, typically used to inline short Ruby snippets inside HTML), and XML Builder.

== Download and installation

The latest version of Action View can be installed with RubyGems:

  % gem install actionview

Source code can be downloaded as part of the Rails project on GitHub

* https://github.com/rails/rails/tree/master/actionview

== License

Action View is released under the MIT license:

* http://www.opensource.org/licenses/MIT

== Support

API documentation is at

* http://api.rubyonrails.org

Bug reports can be filed for the Ruby on Rails project here:

* https://github.com/rails/rails/issues

Feature requests should be discussed on the rails-core mailing list here:

* https://groups.google.com/forum/?fromgroups#!forum/rubyonrails-core