This issue has been created for public disclosure of an XSS vulnerability that was responsibly reported by https://hackerone.com/vxhex
I'd like to thank HackerOne for providing a secure, responsible mechanism for reporting, and for providing their fantastic service to the Loofah maintainers.
Loofah maintainers have evaluated this as Medium (CVSS3 6.4).
Loofah <= v2.3.0
Upgrade to Loofah v2.3.1 or later.
dev-ruby/loofah 2.3.1 has been added.
Maintainer(s), please clean up.
GLSA Vote: No!
Repository is clean, all done.