Rails 4 -- Possible XSS Vulnerability in Action View
Ruby Security team reports:
There is a possible XSS vulnerability in Action View. Text declared as "HTML
safe" will not have quotes escaped when used as attribute values in tag
helpers. This vulnerability has been assigned the CVE identifier
Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright