Cross-site Scripting (XSS)

rails-html-sanitizer is vulnerable to cross-site scripting XSS attacks. Attackers can use non-whiltelisted attributes within sanitized output to inject and execute arbitrary webscript...