Sanitize 1.0.5 fixes a bug introduced in version 1.0.3 that prevented non-whitelisted protocols from being cleaned when relative URLs were allowed. Upgrading is strongly recommended.
RESTRICTED configs in previous versions of Sanitize are not vulnerable to this bug. The RELAXED configs, as well as any custom config that allows relative URLs, are vulnerable in versions 1.0.3 and 1.0.4.
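The property this release restores, sketched as an added Ruby example (not Sanitize's own code; url_allowed?, scrub_href and the sample allowlist are hypothetical names and constructed values): a URL that carries a scheme is always checked against the protocol allowlist, and allowing :relative only admits URLs that have no scheme at all.

```ruby
# Added illustration; not taken from the Sanitize source.
# RFC 3986 scheme: a letter, then letters, digits, "+", "-" or ".", then ":".
SCHEME = /\A([a-z][a-z0-9+.\-]*):/i

# Constructed allowlist in the style of a Sanitize :protocols entry.
ALLOWED = ['http', 'https', 'mailto', :relative].freeze

# True when +url+ may stay in an attribute under the +allowed+ list.
def url_allowed?(url, allowed = ALLOWED)
  # Browsers drop tabs and newlines inside a URL and ignore leading
  # control characters and spaces, so normalise before looking for a scheme.
  cleaned = url.to_s.gsub(/[\t\r\n]/, '').sub(/\A[\x00-\x20]+/, '')
  if (m = SCHEME.match(cleaned))
    # A scheme is present: only the allowlist decides. Allowing relative
    # URLs must never short-circuit this branch.
    allowed.include?(m[1].downcase)
  else
    # No scheme at all: this is a relative reference.
    allowed.include?(:relative)
  end
end

# Returns a copy of +attrs+ with href removed when its URL is not allowed.
def scrub_href(attrs, allowed = ALLOWED)
  return attrs unless attrs.key?('href')
  url_allowed?(attrs['href'], allowed) ? attrs : attrs.reject { |k, _| k == 'href' }
end

if __FILE__ == $0
  # Constructed sample inputs.
  ['/docs/page', 'img/a.png?t=12:30', 'HTTPS://example.com/',
   'javascript:void(0)', " java\tscript:void(0)", 'ftp://example.com/f'].each do |u|
    puts format('%-28s %s', u.inspect, url_allowed?(u) ? 'keep' : 'strip')
  end
end
```

The same inputs make a useful regression test against a custom config that allows relative URLs after upgrading.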
To install or upgrade Sanitize via RubyGems, run:
gem install sanitize
Thanks to Dev Purkayastha for reporting this issue and submitting additional test cases.