rails-html-sanitizer -- possible XSS vulnerability
There is a possible XSS vulnerability in rails-html-sanitizer. The gem
allows non-whitelisted attributes to be present in sanitized output
when given input containing specially crafted HTML fragments, and these attributes
can lead to an XSS attack on target applications.
This issue is similar to CVE-2018-8048 in Loofah.
Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright