Michal Bentkowski discovered that ruby-sanitize, a whitelist-based HTML sanitizer, is prone to a HTML sanitization bypass vulnerability when using the relaxed or a custom config allowing certain elements. Content in a or element may not be sanitized correctly even if math and svg are not in the allowlist.
Continue reading...
Continue reading...