title: HTML injection/XSS in Sanitize
When the Sanitize gem is used in combination with libxml2 >= 2.9.2,
a specially crafted HTML fragment can cause libxml2 to generate
improperly escaped output, allowing non-whitelisted attributes to be
used on whitelisted elements.
if Sanitize's output is served to browsers.
- "< 1.1.0"
- "~> 2.1.1"
- ">= 4.6.3"