PT-2026-25815

Summary LeafKit HTML-escaping is not working correctly when a template prints a collection Array / Dictionary via value. This can result in XSS, allowing potentially untrusted input to be rendered unescaped. Details LeafKit attempts to escape expressions during serialization, but due to...