Debian Linux Security Advisory 4358-1 - The Shopify Application Security Team discovered that ruby-sanitize, a whitelist-based HTML sanitizer, is prone to a HTML injection vulnerability. A specially crafted HTML fragment can cause to allow non- whitelisted attributes to be used on a whitelisted HTML element.
40a3126031a021ed1604bc09ac2d9b39a41e33cd6fb5c6d278a6de68d833df59