Sanitize 1.0.4 fixes a bug that made it possible to sneak a non-whitelisted element through Sanitize by repeating it several times in a row. This issue affects all configurations in all versions of Sanitize prior to 1.0.4, so upgrading is strongly recommended.
To install or upgrade Sanitize via RubyGems, run:
gem install sanitize
Thanks to Cristobal for finding and reporting this issue. I’d like to remind everyone that you can always test the latest version of Sanitize right from your browser at sanitize.pieisgood.org. If you manage to sneak something naughty through the filter like Cristobal did, please email me and let me know.
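To confirm that a project is no longer pinned to an affected release, the check below scans a Bundler `Gemfile.lock` for any sanitize version older than 1.0.4. It is an added example, not code from Sanitize or its author; it assumes the project uses Bundler, the helper names are hypothetical, and both sample lockfiles are constructed.

```ruby
require 'rubygems' # Gem::Version

# First fixed release, taken from the announcement above.
FIXED_IN = Gem::Version.new('1.0.4')

# Return [name, version] pairs for resolved gems in Gemfile.lock text.
# Resolved gems are indented exactly four spaces; the six-space lines
# beneath them are dependency constraints and are skipped.
def locked_gems(lockfile_text)
  lockfile_text.each_line.map { |line|
    m = line.match(/\A {4}(\S+) \(([^)]+)\)\s*\z/)
    m && [m[1], m[2]]
  }.compact
end

# Locked sanitize versions that predate the fix (hypothetical helper name).
def vulnerable_sanitize_versions(lockfile_text)
  locked_gems(lockfile_text).select { |name, version|
    base = version.split('-').first # drop any platform suffix
    name == 'sanitize' && Gem::Version.correct?(base) &&
      Gem::Version.new(base) < FIXED_IN
  }.map { |_, version| version }
end

# Constructed sample lockfiles, not taken from any real project.
OLD_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      hpricot (0.8.1)
      sanitize (1.0.3)
        hpricot (~> 0.8.1)
LOCK

FIXED_LOCK = OLD_LOCK.sub('sanitize (1.0.3)', 'sanitize (1.0.4)')

if __FILE__ == $PROGRAM_NAME
  { 'old' => OLD_LOCK, 'fixed' => FIXED_LOCK }.each do |label, text|
    hits = vulnerable_sanitize_versions(text)
    status = hits.empty? ? 'ok' : "upgrade sanitize (locked at #{hits.join(', ')})"
    puts "#{label}: #{status}"
  end
end
```

In a real project, pass `File.read('Gemfile.lock')` to `vulnerable_sanitize_versions` and fail the build when the result is non-empty.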