File CVE-2020-5267.patch of Package rubygem-actionview-4_2.15971

Overview Repositories Revisions Requests Users Attributes Meta

File CVE-2020-5267.patch of Package rubygem-actionview-4_2.15971

From 033a738817abd6e446e1b320cb7d1a5c15224e9a Mon Sep 17 00:00:00 2001
From: Aaron Patterson <aaron.patterson@gmail.com>
Date: Thu, 12 Mar 2020 10:25:48 -0700
Subject: [PATCH] Fix possible XSS vector in JS escape helper

This commit escapes dollar signs and backticks to prevent JS XSS issues
when using the `j` or `javascript_escape` helper

CVE-2020-5267
---
--- a/lib/action_view/helpers/javascript_helper.rb	2017-06-26 23:29:05.000000000 +0200
+++ b/lib/action_view/helpers/javascript_helper.rb	2020-03-20 16:07:03.179065491 +0100
@@ -10,7 +10,9 @@
         "\n"    => '\n',
         "\r"    => '\n',
         '"'     => '\\"',
-        "'"     => "\\'"
+        "'"     => "\\'",
+        "`"     => "\\`",
+        "$"     => "\\$"
       }
 
       JS_ESCAPE_MAP["\342\200\250".force_encoding(Encoding::UTF_8).encode!] = '&#x2028;'
@@ -24,7 +26,7 @@
       #   $('some_element').replaceWith('<%=j render 'some/element_template' %>');
       def escape_javascript(javascript)
         if javascript
-          result = javascript.gsub(/(\\|<\/|\r\n|\342\200\250|\342\200\251|[\n\r"'])/u) {|match| JS_ESCAPE_MAP[match] }
+          result = javascript.gsub(/(\\|<\/|\r\n|\342\200\250|\342\200\251|[\n\r"']|[`]|[$])/u) {|match| JS_ESCAPE_MAP[match] }
           javascript.html_safe? ? result.html_safe : result
         else
           ''

Places

File CVE-2020-5267.patch of Package rubygem-actionview-4_2.15971

Places