Internet Bug Bounty: ActionView sanitize helper bypass with ‘style’ and ‘svg’ tags
Description

The Rails-html-sanitizer, which Rails ActionView also uses, failed to sanitize input when the svg and style tags, or the math and style tags, were allowed together. This resulted in a potential XSS vulnerability in applications that used the sanitize…