Advisories for Gem/Haml package

2019

Cross-site Scripting

User-provided input containting the ' is not properly escaped. An attacker can manipulate the input to introduce additional attributes, potentially executing code.