From fa99b47bdcdcdf773f16f4daa2b558740b8eb8cb Mon Sep 17 00:00:00 2001
From: Ikumi Shimizu <193sim@gmail.com>
Date: Wed, 18 May 2016 16:41:36 +0900
Subject: [PATCH] fix xss vulnerability in modal_helper:close_button
---
 app/helpers/modal_helper.rb | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/app/helpers/modal_helper.rb b/app/helpers/modal_helper.rb
index b47c8b86..8c95bf9a 100644
--- a/app/helpers/modal_helper.rb
+++ b/app/helpers/modal_helper.rb
@@ -34,8 +34,7 @@ def modal_footer(options, &block)
 end
 def close_button(dismiss)
- #It doesn't seem to like content_tag, so we do this instead.
- raw("")
+ content_tag :button, '×'.html_safe, { :class => 'close', "data-dismiss" => dismiss, "aria-hidden" => true }
 end
 def modal_toggle(content_or_options = nil, options, &block)
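Review bot: The new `content_tag` line in `close_button` has no comment saying why the tag must be built this way, and the comment this commit deletes recorded that someone once preferred `raw`, so a later cleanup could quietly bring the unescaped markup back. I would put `# dismiss is caller-supplied: content_tag escapes attribute values, so do not rebuild this tag with raw or string interpolation` directly above it (that `dismiss` was the injection point is inferred from the commit subject, since the removed `raw` call's argument is not visible here). The `.html_safe` is acceptable only because it is applied to a string literal; it should never be moved onto anything derived from `dismiss`. The diffstat shows only the helper changed, so a helper spec asserting that a `dismiss` value containing `"` and `<` comes out entity-escaped in `data-dismiss` would pin the fix. Separately, the options hash sets no `:type => 'button'`, so inside a form this close button would default to submitting it.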