Loofah 有 security 的問題,這個 gem 是 rails-html-sanitizer 的一部分
然而 rails-html-sanitizer 是 actionview 的一部分
所以,可以的話盡快更新最新版本吧。。。
更新後請確定你的 rails-html-sanitizer 版本是否 1.0.4
https://github.com/flavorjones/loofah/issues/144
This issue has been created for public disclosure of an XSS / code injection vulnerability that was responsibly reported by the Shopify Application Security Team.