ruby-sanitize: allowlist-based HTML and CSS sanitizer Sanitize could be made to perform XSS attacks if it received specially crafted input.