ruby-loofah: manipulation and transformation of HTML/XML documents and fragments Loofah could be made to perform XSS attacks if a crafted SVG element is republished