Potential XSS Problem with mail_to :encode => :javascript Options Posted on 10 February 2011 by kosmas Security announcement about potential XSS problem with mail_to :encode => :javascript. Full details here Versions affected 2.x.x and 3.0.x