GHSA-H8R8-WCCR-V5F2 DOMPurify is vulnerable to mutation-XSS via Re-Contextualization
Description A mutation-XSS mXSS condition was confirmed when sanitized HTML is reinserted into a new parsing context using innerHTML and special wrappers. The vulnerable wrappers confirmed in browser behavior are script, xmp, iframe, noembed, noframes, and noscript. The payload remains seemingly...