pkgsrc/www/ruby-actionpack31
taca 8f099d3a77 Update ruby-actionpack31 to 3.1.8.
## Rails 3.1.8 (Aug 9, 2012)

* There is an XSS vulnerability in the strip_tags helper in Ruby on Rails, the
  helper doesn't correctly handle malformed html.  As a result an attacker can
  execute arbitrary javascript through the use of specially crafted malformed
  html.

  *Marek from Nethemba (www.nethemba.com) & Santiago Pastorino*

* When a "prompt" value is supplied to the `select_tag` helper, the
  "prompt" value is not escaped.
  If untrusted data is not escaped, and is supplied as the prompt value,
  there is a potential for XSS attacks.
  Vulnerable code will look something like this:
    select_tag("name", options, :prompt => UNTRUSTED_INPUT)

  *Santiago Pastorino*
2012-08-12 10:34:38 +00:00
..
DESCR
distinfo Update ruby-actionpack31 to 3.1.8. 2012-08-12 10:34:38 +00:00
Makefile Update ruby-actionpack31 to 3.1.6. 2012-06-14 14:54:45 +00:00
PLIST Update ruby-actionpack31 to 3.1.4. 2012-03-18 05:38:57 +00:00