consul/nairobi
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
334b57501b8d6dbda8e20778b51df5ce4cb1c7c1
nairobi/config/initializers/escape_javascript_fix.rb
Javi Martín 03c135e5fd Apply escape_javascript security patch 
This patch was included in the Rails 5.2.x series, but since we haven't
upgraded yet, we need to apply it manually.
2020-04-06 16:19:44 +02:00

26 lines
674 B
Ruby
Raw Blame History

# Code taken from https://github.com/rails/rails/security/advisories/GHSA-65cv-r6x7-79hv
# Remove this code after upgrading to Rails 5.2
ActionView::Helpers::JavaScriptHelper::JS_ESCAPE_MAP.merge!(
{
"`" => "\\`",
"$" => "\\$"
}
)
module ActionView::Helpers::JavaScriptHelper
alias :old_ej :escape_javascript
alias :old_j :j
def escape_javascript(javascript)
javascript = javascript.to_s
if javascript.empty?
result = ""
else
result = javascript.gsub(/(\\|<\/|\r\n|\342\200\250|\342\200\251|[\n\r"']|[`]|[$])/u, JS_ESCAPE_MAP)
end
javascript.html_safe? ? result.html_safe : result
end
alias :j :escape_javascript
end
Reference in New Issue View Git Blame Copy Permalink