mirror of https://github.com/rails/rails
e215bf3360
[CVE-2024-32464] Instances of ActionText::Attachable::ContentAttachment included within a rich_text_area tag could potentially contain unsanitized HTML. This could lead to a potential cross site scripting issue within the Trix editor. This change enforces existing sanitization routines on ActionText::Attachable::ContentAttachment attachments. |
||
---|---|---|
.. | ||
action_text | ||
generators/action_text/install | ||
rails/generators/test_unit | ||
tasks | ||
action_text.rb |