-
Fix and add protections for XSS in
ActionView::HelpersandERB::Util.Escape dangerous characters in names of tags and names of attributes in the tag helpers, following the XML specification. Rename the option
:escape_attributesto:escape, to simplify by applying the option to the whole tag.Álvaro Martín Fraguas
-
Ensure models passed to
form_forattempt to callto_model.Sean Doyle
Please check 7-0-stable for previous changes.