mirror of https://github.com/rails/rails
e215bf3360
[CVE-2024-32464] Instances of ActionText::Attachable::ContentAttachment included within a rich_text_area tag could potentially contain unsanitized HTML. This could lead to a potential cross site scripting issue within the Trix editor. This change enforces existing sanitization routines on ActionText::Attachable::ContentAttachment attachments.
dummy
fixtures
integration
models
system
template
unit
application_system_test_case.rb
javascript_package_test.rb
test_helper.rb