ActionView sanitize helper bypass leading to XSS using SVG tag.