File CVE-2013-4492.patch.i18n.0.6.x of Package rubygem-i18n.openSUSE_13.1_Update

diff --git a/lib/i18n/exceptions.rb b/lib/i18n/exceptions.rb
index c0cf438..669d4cd 100644
--- a/lib/i18n/exceptions.rb
+++ b/lib/i18n/exceptions.rb
@@ -1,3 +1,5 @@
+require 'cgi'
+
 module I18n
   # Handles exceptions raised in the backend. All exceptions except for
   # MissingTranslationData exceptions are re-thrown. When a MissingTranslationData
@@ -45,8 +59,9 @@ module I18n
       end
 
       def html_message
-        key = keys.last.to_s.gsub('_', ' ').gsub(/\b('?[a-z])/) { $1.capitalize }
-        %(<span class="translation_missing" title="translation missing: #{keys.join('.')}">#{key}</span>)
+        key  = CGI.escape_html titleize(keys.last)
+        path = CGI.escape_html keys.join('.')
+        %(<span class="translation_missing" title="translation missing: #{path}">#{key}</span>)
       end
 
       def keys
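Review bot: The new `html_message` body gives no reason for the escaping or for running `titleize` before `CGI.escape_html`, and that order is load-bearing. If the value were escaped first, the capitalising regex in `titleize` would rewrite entity names, turning `&amp;` into `&Amp;`. I would add a comment above the method such as `# Key segments may be caller-supplied: titleize first, then HTML-escape both the title attribute and the span text.` The `title` attribute is double-quoted, so it depends on `CGI.escape_html` escaping `"` as well as `<` and `>`. No test change is visible on this page, so a regression test with a key containing those characters would be worth adding.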
@@ -63,6 +78,13 @@ module I18n
       def to_exception
         MissingTranslationData.new(locale, key, options)
       end
+
+      protected
+
+      # TODO : remove when #html_message is removed
+      def titleize(key)
+        key.to_s.gsub('_', ' ').gsub(/\b('?[a-z])/) { $1.capitalize }
+      end
     end
 
     include Base
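Review bot: `titleize` is introduced under `protected`, but the only visible call is the receiver-less one in `html_message`, so `private` would be enough and would keep the helper off the surface other instances can call. The bare visibility keyword also applies to every method later added below it in this class, so a short comment such as `# helpers below are not part of the public API` would make that explicit. As a style point, the block could use `Regexp.last_match(1)` instead of the global `$1`. The enclosing class starts outside this hunk, so other callers of `titleize` cannot be ruled out from here.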