5 hours ago
Low
resolved
resolved
Rails::HTML::Sanitizer.allowed_uri? returns true for entity-encoded control-character-split javascript: URLs
Bug reported by smlee was disclosed at April 18, 2026, 3:27 pm |
A vulnerability was discovered in the `Rails::HTML::Sanitizer.allowed_uri?` method of the `rails-html-sanitizer` library. The method incorrectly returned `true` for entity-encoded control-character-split `javascript:` URLs, which could lead to potential security issues if the application relied on the method's result to make security decisions.