rails/actiontext/test
Zack Deveau e215bf3360
Sanitize ActionText HTML ContentAttachment in Trix edit view
[CVE-2024-32464]
Instances of ActionText::Attachable::ContentAttachment included
within a rich_text_area tag could potentially contain unsanitized
HTML. This could lead to a potential cross site scripting issue
within the Trix editor.

This change enforces existing sanitization routines on
ActionText::Attachable::ContentAttachment attachments.
2024-06-04 10:08:12 -07:00
dummy Development of Rails 8.0 starts now 2024-05-13 16:45:20 +00:00
fixtures Improve ActionText extensibility 2020-12-29 20:06:45 -05:00
integration Update Action Text to use HTML5 when available 2023-06-19 15:59:59 -04:00
models Take AR affixes into account for Action Text database models 2023-12-09 11:05:52 +01:00
system Fix action text tests by updating dummy app to use import maps instead 2023-01-08 22:33:30 +00:00
template Add test coverage for `rich_text_area` helper 2023-12-03 14:53:44 -05:00
unit Sanitize ActionText HTML ContentAttachment in Trix edit view 2024-06-04 10:08:12 -07:00
application_system_test_case.rb Add ActionDispatch::SystemTestCase#fill_in_rich_text_area 2019-05-13 12:44:06 -04:00
javascript_package_test.rb fix using actiontext.js in sprocket 2023-11-07 00:36:53 -03:00
test_helper.rb Expose `assert_queries` and `assert_no_queries` assertions 2023-12-11 12:31:16 +01:00