From 6ce5673d2c1a511b602e1b2ade6cdc898d14ab36 Mon Sep 17 00:00:00 2001
From: Alan Guo Xiang Tan
Date: Thu, 23 May 2024 10:00:16 +0800
Subject: [PATCH] SECURITY: Avoid the use of `Object#send` in `Onebox::Engine::StandardEmbed` Use `Object#public_send` instead which is much safer
---
 lib/onebox/engine/standard_embed.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/onebox/engine/standard_embed.rb b/lib/onebox/engine/standard_embed.rb
index c21ca81801f..e3175d6247d 100644
--- a/lib/onebox/engine/standard_embed.rb
+++ b/lib/onebox/engine/standard_embed.rb
@@ -161,7 +161,7 @@ module Onebox
 def set_from_normalizer_data(normalizer)
 normalizer.data.each do |k, _|
- v = normalizer.send(k)
+ v = normalizer.public_send(k)
 @raw[k] ||= v unless v.nil?
 end
 end
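Review bot: `normalizer.public_send(k)` still picks the method from the keys of `normalizer.data`, so every public zero-argument method on the normalizer, including those inherited from `Object`, stays reachable by key name; `public_send` only closes off private methods. Where `data` is populated is not visible in this hunk, but if its keys can come from fetched page metadata, the dispatch should be limited to the expected attribute names, for example `next unless EXPECTED_KEYS.include?(k.to_s)` as the first line of the block (`EXPECTED_KEYS` is a placeholder for a frozen list this file would define). A key naming a method that requires arguments would also raise `ArgumentError` out of this loop, which the same guard avoids. A one-line comment such as `# keys may come from remote metadata; dispatch with public_send only, never send` would record why the call is written this way.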