Bypassing Sanitization using DOM clobbering in html-janitor

2018-07-24T20:06:17
ID GHSA-FX46-WHRJ-73V5
Type github
Reporter GitHub Advisory Database
Modified 2021-01-08T18:50:35

Description

Versions of html-janitor before 2.0.4 are vulnerable to cross-site scripting (XSS) via DOM clobbering.

Crafted HTML can pass through the sanitization process unchanged. DOM clobbering relies on `id` and `name` attributes in attacker-controlled markup to shadow DOM properties (for example on a `<form>` element) that a DOM-walking sanitizer reads while it works, so parts of the tree are never inspected. This is unexpected and dangerous (XSS) whenever user-controlled input is passed to the `clean` function.
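The mechanism behind this class of bypass, as an added example that is not html-janitor's code or the reporter's proof of concept: a constructed in-memory DOM model (standing in for a browser DOM so the file runs under Node.js) with a naive sanitizer that reads `childNodes` and `attributes` through the node, beside a hardened walker that invokes the prototype accessors instead. The `ModelElement` class, the allowlist and the payload `<form><input name="childNodes"><img src="x" onerror="alert(1)"></form>` are assumptions for illustration; the page does not say which property html-janitor itself tripped over.

```javascript
// Added example, not html-janitor's code. A small constructed DOM model lets
// this run in Node.js; the comments note the real-browser equivalents.

const ALLOWED = { DIV: [], P: [], B: [], FORM: [], INPUT: ['name'], IMG: ['src'] };

class ModelElement {
  constructor(tag, attrs = {}, children = []) {
    this._tag = tag.toUpperCase();
    this._attrs = { ...attrs };
    this._children = [...children];
    // Model HTMLFormElement's named-property behaviour ([OverrideBuiltins]):
    // <input name="X"> inside a <form> is reachable as form.X, and that own
    // property shadows the same-named accessor on the prototype.
    if (this._tag === 'FORM') {
      for (const c of this._children) {
        if (c._tag === 'INPUT' && c._attrs.name) {
          Object.defineProperty(this, c._attrs.name, { value: c, configurable: true });
        }
      }
    }
  }
  get tagName() { return this._tag; }
  get childNodes() { return this._children.slice(); }
  get attributes() {
    return Object.entries(this._attrs).map(([name, value]) => ({ name, value }));
  }
  removeAttribute(name) { delete this._attrs[name]; }
  removeChild(child) { this._children = this._children.filter((c) => c !== child); }
}

// Serialise from the internal fields, i.e. what the browser would really render.
function serialize(node) {
  const tag = node._tag.toLowerCase();
  const attrs = Object.entries(node._attrs).map(([k, v]) => ` ${k}="${v}"`).join('');
  return `<${tag}${attrs}>${node._children.map(serialize).join('')}</${tag}>`;
}

// Vulnerable walker: reads node.attributes / node.childNodes through the node.
// When form.childNodes has been clobbered to an <input>, slice.call() sees an
// object without a length, yields [], and the form's subtree is never visited.
function naiveClean(node) {
  const allowed = ALLOWED[node.tagName] || [];
  for (const a of Array.prototype.slice.call(node.attributes)) {
    if (!allowed.includes(a.name)) node.removeAttribute(a.name);
  }
  for (const child of Array.prototype.slice.call(node.childNodes)) {
    if (!ALLOWED[child.tagName]) node.removeChild(child);
    else naiveClean(child);
  }
  return node;
}

// Hardened walker: take the accessors from the prototype once and call them
// with the node as receiver, so own (clobbered) properties are never consulted.
// Browser equivalents (assumption: the same pattern, different prototypes):
//   Object.getOwnPropertyDescriptor(Node.prototype, 'childNodes').get
//   Object.getOwnPropertyDescriptor(Element.prototype, 'attributes').get
const proto = ModelElement.prototype;
const getTagName = Object.getOwnPropertyDescriptor(proto, 'tagName').get;
const getChildNodes = Object.getOwnPropertyDescriptor(proto, 'childNodes').get;
const getAttributes = Object.getOwnPropertyDescriptor(proto, 'attributes').get;

function safeClean(node) {
  const allowed = ALLOWED[getTagName.call(node)] || [];
  for (const a of getAttributes.call(node)) {
    if (!allowed.includes(a.name)) proto.removeAttribute.call(node, a.name);
  }
  for (const child of getChildNodes.call(node)) {
    if (!ALLOWED[getTagName.call(child)]) proto.removeChild.call(node, child);
    else safeClean(child);
  }
  return node;
}

// Constructed payload: <div><form><input name="childNodes"><img src="x" onerror="alert(1)"></form></div>
function clobberingPayload() {
  return new ModelElement('div', {}, [
    new ModelElement('form', {}, [
      new ModelElement('input', { name: 'childNodes' }),
      new ModelElement('img', { src: 'x', onerror: 'alert(1)' }),
    ]),
  ]);
}

function runNaive() { return serialize(naiveClean(clobberingPayload())); }
function runSafe() { return serialize(safeClean(clobberingPayload())); }

console.log('naive :', runNaive()); // onerror survives
console.log('safe  :', runSafe());  // onerror stripped
```

The naive walker never throws: a clobbered collection simply behaves like an empty one, which is why this bug class is easy to miss in testing. Reading collections through prototype accessors (or serialising and re-parsing the sanitiser's output, then re-checking it) is the check a practitioner should look for in any DOM-based sanitiser.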

Recommendation

Upgrade to version 2.0.4 or later.