Added codefix example for CSS context XSS.

app/controllers/application_controller.rb

@@ -1,7 +1,7 @@
 class ApplicationController < ActionController::Base
 
   before_filter :authenticated, :has_info
-  helper_method :current_user, :is_admin?
+  helper_method :current_user, :is_admin?, :sanitize_font
 
   # Our security guy keep talking about sea-surfing, cool story bro.
   # protect_from_forgery
@@ -45,4 +45,9 @@ class ApplicationController < ActionController::Base
     redirect_to home_dashboard_index_path if redirect
   end
 
+  def sanitize_font(css)
+    css
+    # css if css.match(/\A[0-9]+([\%]|pt)\z/)
+  end
+
 end