It’s really confusing to decide whether sanitize will help avoid XSS in
the case when :attributes => %w( style ).
On Stack Overflow, people say that it is not safe, yet the examples they
give, such as
style="background-image: url(javascript:[code]);"
are being filtered out using sanitize and all that is left is style="".
Is there a way to get a definite answer on whether sanitize with style allowed
will protect against XSS or not?