Red Hat Security Advisory 2016-1858-01 - Ruby on Rails is a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Security Fix: It was discovered that Action View tag helpers did not escape quotes when using strings declared as HTML safe as attribute values. A remote attacker could use this flaw to conduct a cross-site scripting attack.
9d3e8c4dd25e586408c85a6de8a2a349896b9f80ce49b91e648a10f476e7e84f