Fix XSS vulnerabilities in chunk-handling

2007-09-23 19:30:39 +00:00 · 2007-09-23 19:30:39 +00:00 · a3d3f1c536
commit a3d3f1c536
parent 36b86a9d41
6 changed files with 55 additions and 3 deletions
--- a/lib/chunks/chunk.rb
+++ b/lib/chunks/chunk.rb
@ -74,6 +74,14 @@ module Chunk
      @content.delete_chunk(self)
    end

+    def  html_escape(string)
+      string.gsub( /&/, "&amp;" ).
+             gsub( /</, "&lt;" ).
+             gsub( />/, "&gt;" ).
+             gsub( /'/, "&#39;" ).
+             gsub( /"/, "&quot;" )
+    end
+
  end

 end