authorLouise Crow <louise.crow@gmail.com>2012-08-13 11:14:00 +0100
committerLouise Crow <louise.crow@gmail.com>2012-08-13 11:14:00 +0100
commitdeb7c8c30191a7dedb90219beef1717e404c3f65 (patch)
treee04c992bf2ea824bb37e95d2ce10d757af9a4523
parentd50625a44cbf349b5931dfdde16b945c48638dfd (diff)
Add workaround for Rails security vulnerability CVE-2012-3464.
-rw-r--r--config/initializers/single_quote_escape_workaround.rb31
1 files changed, 31 insertions, 0 deletions
diff --git a/config/initializers/single_quote_escape_workaround.rb b/config/initializers/single_quote_escape_workaround.rb
new file mode 100644
index 000000000..2e713b982
--- /dev/null
+++ b/config/initializers/single_quote_escape_workaround.rb
@@ -0,0 +1,31 @@
+class ERB
+ module Util
+
+ if "html_safe exists".respond_to?(:html_safe)
+ def html_escape(s)
+ s = s.to_s
+ if s.html_safe?
+ s
+ else
+ Rack::Utils.escape_html(s).html_safe
+ end
+ end
+ else
+ def html_escape(s)
+ s = s.to_s
+ Rack::Utils.escape_html(s).html_safe
+ end
+ end
+
+ remove_method :h
+ alias h html_escape
+
+ class << self
+ remove_method :html_escape
+ remove_method :h
+ end
+
+ module_function :html_escape
+ module_function :h
+ end
+end
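Review bot: The fallback definition of `html_escape` at L33-L36 still calls `.html_safe` on the result of `Rack::Utils.escape_html(s)`, yet that branch is only reached when the `respond_to?(:html_safe)` probe on L23 is false, so on such a stack the call would raise NoMethodError on the very path the branch exists for; the fallback body should be plain `Rack::Utils.escape_html(s)`. The file also has no comment explaining why `ERB::Util.html_escape` and `h` are being removed and redefined, which matters for an initializer that monkey-patches a core helper; a header such as `# Workaround for CVE-2012-3464: route html_escape/h through Rack::Utils.escape_html so that single quotes are escaped as well as <, >, &, " (presumably relying on the installed Rack version escaping "'"; verify before upgrading or removing this file)` would let a later maintainer know when it can be dropped. The correctness of the workaround depends on the behaviour of the installed `Rack::Utils.escape_html`, which this patch does not pin or check, so the assumption should at least be documented.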