v6.0.2 #224
rgrove
announced in
Announcements
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
Bug Fixes
CVE-2023-36823: Fixed an HTML+CSS sanitization bypass that could allow XSS (cross-site scripting). This issue affects Sanitize versions 3.0.0 through 6.0.1.
When using Sanitize's relaxed config or a custom config that allows
<style>elements and one or more CSS at-rules, carefully crafted input could be used to sneak arbitrary HTML through Sanitize.See the following security advisory for additional details: GHSA-f5ww-cq3m-q3g7
Thanks to @cure53 for finding this issue.
This discussion was created from the release v6.0.2.
Beta Was this translation helpful? Give feedback.
All reactions