Xss Vulnerability With To_json May 25th, 2007 xss vulnerability with to_jsonbut ultimately due to developer not performing due diligence checks on the input fields.UPDATE: http://dev.rubyonrails.org/ticket/8371