Package: rails / 2:6.0.3.7+dfsg-2+deb11u2

CVE-2023-28120.patch Patch series | download
From 3cf23c3f891e2e81c977ea4ab83b62bc2a444b70 Mon Sep 17 00:00:00 2001
From: Akira Matsuda <ronnie@dio.jp>
Date: Thu, 5 Jan 2023 05:25:37 +0900
Subject: [PATCH] Implement SafeBuffer#bytesplice

---
 .../core_ext/string/output_safety.rb          |  4 +++
 .../test/core_ext/string_ext_test.rb          | 30 +++++++++++++++++++
 2 files changed, 34 insertions(+)

diff --git a/activesupport/lib/active_support/core_ext/string/output_safety.rb b/activesupport/lib/active_support/core_ext/string/output_safety.rb
index 8a06ccdd8e..a627540a35 100644
--- a/activesupport/lib/active_support/core_ext/string/output_safety.rb
+++ b/activesupport/lib/active_support/core_ext/string/output_safety.rb
@@ -216,6 +216,10 @@ def concat(value)
     end
     alias << concat
 
+    def bytesplice(*args, value)
+      super(*args, implicit_html_escape_interpolated_argument(value))
+    end
+
     def insert(index, value)
       super(index, html_escape_interpolated_argument(value))
     end
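Review bot: The new bytesplice escapes through implicit_html_escape_interpolated_argument while the adjacent insert on the following context line uses html_escape_interpolated_argument; both overrides should route through the same helper, and if the implicit_ variant is not defined in this 6.0 tree (it is not visible in the hunk) the override raises NoMethodError on the helper before super is reached. Unless that helper is confirmed to exist in this file, I would write `super(*args, html_escape_interpolated_argument(value))` to match insert and concat. The `*args, value` signature also assumes the replacement string is always the last argument; later Ruby releases accept bytesplice forms with a trailing str_index/str_length or str_range, where the escaping would be applied to the wrong argument, so a comment such as `# assumes the (index, length, str) and (range, str) forms; the string must be the last argument` would record the limitation. On a Ruby whose String lacks bytesplice, super still raises NoMethodError, so the override is inert there.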
diff --git a/activesupport/test/core_ext/string_ext_test.rb b/activesupport/test/core_ext/string_ext_test.rb
index a51f2f64cb..c436821c94 100644
--- a/activesupport/test/core_ext/string_ext_test.rb
+++ b/activesupport/test/core_ext/string_ext_test.rb
@@ -987,6 +987,36 @@ def to_s
     assert_predicate string, :html_safe?
   end
 
+  if "".respond_to?(:bytesplice)
+    test "Bytesplicing safe into safe yields safe" do
+      string = "hello".html_safe
+      string.bytesplice(0, 0, "<b>".html_safe)
+
+      assert_equal "<b>hello", string
+      assert_predicate string, :html_safe?
+
+      string = "hello".html_safe
+      string.bytesplice(0..1, "<b>".html_safe)
+
+      assert_equal "<b>llo", string
+      assert_predicate string, :html_safe?
+    end
+
+    test "Bytesplicing unsafe into safe yields escaped safe" do
+      string = "hello".html_safe
+      string.bytesplice(1, 0, "<b>")
+
+      assert_equal "h&lt;b&gt;ello", string
+      assert_predicate string, :html_safe?
+
+      string = "hello".html_safe
+      string.bytesplice(1..2, "<b>")
+
+      assert_equal "h&lt;b&gt;lo", string
+      assert_predicate string, :html_safe?
+    end
+  end
+
   test "emits normal string yaml" do
     assert_equal "foo".to_yaml, "foo".html_safe.to_yaml(foo: 1)
   end
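Review bot: The `if "".respond_to?(:bytesplice)` guard at the top of the hunk removes both tests entirely on a Ruby whose String lacks bytesplice, so a run on such an interpreter gives no signal that the backported override was exercised at all. Moving the condition inside each test as `skip "String#bytesplice not available" unless "".respond_to?(:bytesplice)` keeps the tests visible in the report as skipped rather than silently absent. The expected values cover only the (index, length, str) and (range, str) call forms, which is consistent with the override treating the last argument as the string to escape.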
-- 
2.39.2