Skip to content
Changelog Hub

rails 6.1.6

RubyGems / rails / 6.1.6 source

Active Support

  • Fix and add protections for XSS in ActionView::Helpers and ERB::Util.

    Add the method ERB::Util.xml_name_escape to escape dangerous characters in names of tags and names of attributes, following the specification of XML.

    Álvaro Martín Fraguas

Active Model

  • No changes.

Active Record

  • No changes.

Action View

  • Fix and add protections for XSS in ActionView::Helpers and ERB::Util.

    Escape dangerous characters in names of tags and names of attributes in the tag helpers, following the XML specification. Rename the option :escape_attributes to :escape, to simplify by applying the option to the whole tag.

    Álvaro Martín Fraguas

Action Pack

  • Allow Content Security Policy DSL to generate for API responses.

    Tim Wade

Active Job

  • No changes.

Action Mailer

  • No changes.

Action Cable

  • No changes.

Active Storage

  • No changes.

Action Mailbox

  • No changes.

Action Text

  • No changes.

Railties

  • No changes.