CVE-2015-7565: XSS Vulnerability with User-Supplied JSON
By default, Ember will escape any values in Handlebars templates that use double curlies ({{value}}). Developers can specifically opt out of this escaping behavior by passing an instance of SafeString rather than a raw string, which tells Ember that it should not escape the string because the developer has taken responsibility for escaping it. It is possible for an attacker to create a specially-crafted payload that causes a non-sanitized string to be treated as a SafeString, and thus bypass Ember's normal escaping behavior. This could allow an attacker to execute arbitrary JavaScript in the context of the current domain (XSS).
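As an added illustration of the bug class this advisory describes (constructed for this page, not Ember's actual code), the following shows why the "safe" decision must never rest on a property that user-supplied JSON can carry: a renderer that duck-types SafeString by a data property is fooled by parsed JSON, while a renderer that checks instanceof against the application's own SafeString class is not. SafeString, escapeHTML, renderDuckTyped, renderStrict and the apiResponse sample are hypothetical names and constructed data.

```javascript
// Hypothetical stand-in for a framework's SafeString: the developer's explicit
// opt-out from escaping. Only the application should be able to create one.
class SafeString {
  constructor(string) { this.string = string; }
  toHTML() { return this.string; }
}

// Minimal HTML escaping for text nodes and attribute values.
function escapeHTML(value) {
  if (value == null) return '';
  return String(value).replace(/[&<>"']/g, c => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;'
  }[c]));
}

// Weak: treats any object with a string-valued "string" property as safe.
// Anything produced by JSON.parse can carry that property, so the escaping
// opt-out is effectively controlled by whoever supplied the JSON.
function renderDuckTyped(value) {
  if (value !== null && typeof value === 'object' && typeof value.string === 'string') {
    return value.string; // rendered as raw HTML, no escaping
  }
  return escapeHTML(value);
}

// Hardened: only an object the application itself constructed as SafeString is
// trusted. Plain data never satisfies instanceof; a check on a method
// (typeof value.toHTML === 'function') would also hold, since JSON cannot
// encode functions.
function renderStrict(value) {
  if (value instanceof SafeString) {
    return value.toHTML();
  }
  return escapeHTML(value);
}

// Constructed sample: a comment object as it would arrive from an API and be
// handed straight to a template. The markup is benign here; the point is that
// it reaches the DOM unescaped under the weak check.
const apiResponse = JSON.parse('{"comment": {"string": "<b>bold</b>"}}');

// renderDuckTyped(apiResponse.comment) -> '<b>bold</b>'   (escaping bypassed)
// renderStrict(apiResponse.comment)    -> '[object Object]' (data stays data)
```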