Bypassing Sanitization using DOM clobbering in html-janitor
Moderate severity
GitHub Reviewed
Published
Jul 24, 2018
to the GitHub Advisory Database
•
Updated Sep 12, 2023
Description
Published to the GitHub Advisory Database
Jul 24, 2018
Reviewed
Jun 16, 2020
Last updated
Sep 12, 2023
All versions of
html-janitor
are vulnerable to cross-site scripting (XSS).Arbitrary HTML can pass the sanitization process, which can be unexpected and dangerous (XSS) in case user-controlled input is passed to the clean function."
Recommendation
Upgrade to version 2.0.4 or later.
References