Cross-site Scripting
An issue was discovered in the gon gem for Ruby. MultiJson does not honor the escape_mode parameter to escape fields as an XSS protection mechanism. To mitigate, json_dumper.rb in gon now applies XSS escaping by default without relying on MultiJson.