Description
Cross-Site Scripting in htmr
Versions of htmr prior to 0.8.7 are vulnerable to Cross-Site Scripting (XSS). The package uses innerHTML to unescape HTML entities. This may lead to DOM-based XSS through HTML-encoded XSS payloads. This may allow an attacker to execute arbitrary JavaScript in a victim's browser.
Recommendation
Upgrade to version 0.8.7 or later.
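The description above attributes the flaw to unescaping entities through innerHTML, which hands the input to the HTML parser. As an added example (not htmr's code and not the project's actual fix), the following decodes entities with string operations only. The function name `decodeEntities`, the small entity table and the sample inputs are assumptions constructed for illustration.

```javascript
// Added example: DOM-free HTML entity decoding.
// Assigning untrusted input to innerHTML parses it as markup; this decoder
// never touches the DOM, so the result is only ever a plain string.

// Deliberately small table (assumption: enough for the demo).
// Unknown names are left untouched rather than guessed.
const NAMED = { amp: '&', lt: '<', gt: '>', quot: '"', apos: "'", nbsp: '\u00a0' };

const ENTITY = /&(#[xX][0-9a-fA-F]+|#[0-9]+|[a-zA-Z][a-zA-Z0-9]*);/g;

function decodeEntities(input) {
  // Single pass: replacement output is not rescanned, so "&amp;lt;"
  // becomes "&lt;" and is not decoded a second time into "<".
  return String(input).replace(ENTITY, (match, body) => {
    if (body[0] === '#') {
      const hex = body[1] === 'x' || body[1] === 'X';
      const code = parseInt(body.slice(hex ? 2 : 1), hex ? 16 : 10);
      // NUL, surrogate halves and out-of-range values map to U+FFFD.
      const invalid = !Number.isFinite(code) || code === 0 ||
        code > 0x10ffff || (code >= 0xd800 && code <= 0xdfff);
      return invalid ? '\ufffd' : String.fromCodePoint(code);
    }
    return Object.prototype.hasOwnProperty.call(NAMED, body) ? NAMED[body] : match;
  });
}

// Constructed sample inputs.
const samples = ['&lt;b&gt;hi&lt;/b&gt;', '&amp;lt;', '&#x41;&#66;', '&unknown; &#xD800;'];
for (const s of samples) {
  console.log(JSON.stringify(s), '->', JSON.stringify(decodeEntities(s)));
}
```

The returned string is still untrusted text: place it in the page as a text node (for example via textContent), not back through innerHTML.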
Packages
Name
htmr
npm
Affected versions: < 0.8.7
Fixed version: 0.8.7
Weaknesses
CWE-79