Added codefix example for CSS context XSS.

app/controllers/application_controller.rb

@@ -1,7 +1,7 @@
 class ApplicationController < ActionController::Base
 
   before_filter :authenticated, :has_info
-  helper_method :current_user, :is_admin?
+  helper_method :current_user, :is_admin?, :sanitize_font
 
   # Our security guy keep talking about sea-surfing, cool story bro.
   # protect_from_forgery
@@ -45,4 +45,9 @@ class ApplicationController < ActionController::Base
     redirect_to home_dashboard_index_path if redirect
   end
 
+  def sanitize_font(css)
+    css
+    # css if css.match(/\A[0-9]+([\%]|pt)\z/)
+  end
+
 end

app/views/layouts/application.html.erb

@@ -9,7 +9,7 @@
 <%
 if cookies[:font]
 %>
-<style>body { font-size:<%= cookies[:font] %>pt !important;}</style>
+<style>body { font-size:<%= cookies[:font] %> !important;}</style>
 <%
 end
 %>

app/views/layouts/shared/_header.html.erb

@@ -2,8 +2,8 @@
 
     <span style="color:#eee;margin-left:10px;">
      Font Size:
-     <a href="<%= home_dashboard_index_path %>?font=10" style="font-size:10pt;color:#eee;">A</a>
+     <a href="<%= home_dashboard_index_path %>?font=8pt" style="font-size:10pt;color:#eee;">A</a>
-     <a href="<%= home_dashboard_index_path %>?font=18" style="font-size:18pt;color:#eee;">A</a>
+     <a href="<%= home_dashboard_index_path %>?font=200%25" style="font-size:18pt;color:#eee;">A</a>
    </span>
      <div class="user-profile">
        <a data-toggle="dropdown" class="dropdown-toggle">