2018-03-30 19:00:00
hackerone
PUBLISHED
A specially crafted HTML fragment can cause Sanitize gem for Ruby to allow non-whitelisted attributes to be used on a whitelisted HTML element.