CamJN opened this issue 9 years ago · 1 comments
sanitize('<script><blink>') returns "<blink>" where it used to (and I would expect it to) return ""
sanitize('<script><blink>')
"<blink>"
""
rails/rails#25996 (comment)