Fix ReDoS vulnerability in PermitScrubber by optimizing regex

Author: ch4n3-yoon

lib/rails/html/scrubbers.rb

@@ -146,7 +146,7 @@ def scrub_attribute(node, attr_node)
             Loofah::HTML5::Scrub.scrub_attribute_that_allows_local_ref(attr_node)
           end
 
-          if Loofah::HTML5::SafeList::SVG_ALLOW_LOCAL_HREF.include?(node.name) && attr_name == "xlink:href" && attr_node.value =~ /^\s*[^#\s].*/m
+          if Loofah::HTML5::SafeList::SVG_ALLOW_LOCAL_HREF.include?(node.name) && attr_name == "xlink:href" && attr_node.value =~ /^\s*[^#].*/m
             attr_node.remove
           end