Ruby on Rails is a model-view-controller framework for web application development. Action View implements the view component. Security Fix: * It was discovered that Action View tag helpers did not escape quotes when using strings declared as HTML safe as attribute values. A remote attacker could use this flaw to conduct a cross-site scripting attack. Red Hat would like to thank the Ruby on Rails project for reporting this issue. Upstream acknowledges Andrew Carpenter as the original reporter.