In Rails 4.2 HTML sanitization has been rewritten using a more secure library.

This gem includes the old behavior shipping with Rails 4.2 and before. It is strictly provided to ease migration.

To downgrade add gem 'rails-deprecated_sanitizer' to your Gemfile.

See the Rails 4.2 upgrade guide for more information.

You can read more about the new sanitization implementation here: rails-html-sanitizer.

Reporting XSS Security Issues

The code provided here deals with XSS attacks and is therefore a security concern. So if you find a security issue please follow the regular security reporting guidelines.