SECURITY: Avoid the use of Object#send in Onebox::Engine::StandardEmbed

Use `Object#public_send` instead which is much safer
2025-03-11 05:25:40 +08:00 · 2024-05-23 10:00:16 +08:00 · 2024-05-23 10:00:16 +08:00 · 6ce5673d2c
commit 6ce5673d2c
parent 26aef0c288
1 changed files with 1 additions and 1 deletions
--- a/lib/onebox/engine/standard_embed.rb
+++ b/lib/onebox/engine/standard_embed.rb
@ -161,7 +161,7 @@ module Onebox

      def set_from_normalizer_data(normalizer)
        normalizer.data.each do |k, _|
-          v = normalizer.send(k)
+          v = normalizer.public_send(k)
          @raw[k] ||= v unless v.nil?
        end
      end