Description
html-sanitizer is an allowlist-based HTML cleaner. When `keep_typographic_whitespace=False` is used (the default), the sanitizer normalizes Unicode to the NFKC form as its final step. Some Unicode characters normalize to chevrons, which allows specially crafted HTML to escape sanitization. The problem has been fixed in 2.4.2.
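As an added illustration (not code from the html-sanitizer project), the ordering problem the description points at: `html.escape` stands in for the allowlist cleaner so the snippet runs on the standard library alone, and `SAMPLE`, `toy_sanitize` and both pipeline functions are constructed for this example.

```python
import html
import unicodedata

# Constructed sample: FULLWIDTH LESS-THAN SIGN (U+FF1C) and FULLWIDTH
# GREATER-THAN SIGN (U+FF1E). Neither is an ASCII chevron, so a cleaner
# that only reacts to '<' and '>' leaves them untouched; NFKC maps both
# to the ASCII characters.
SAMPLE = "\uff1cb\uff1ebold\uff1c/b\uff1e"


def toy_sanitize(text: str) -> str:
    """Stand-in for an allowlist cleaner (assumption, not html-sanitizer's code):
    it neutralizes ASCII markup characters and knows nothing about Unicode."""
    return html.escape(text, quote=True)


def unsafe_pipeline(text: str) -> str:
    """Sanitize first, normalize afterwards: the ordering the advisory describes.
    Characters the cleaner ignored become live chevrons only after it ran."""
    return unicodedata.normalize("NFKC", toy_sanitize(text))


def safe_pipeline(text: str) -> str:
    """Normalize first, then sanitize, so the cleaner sees the ASCII chevrons
    and output is already in NFKC form (nothing changes it afterwards)."""
    return toy_sanitize(unicodedata.normalize("NFKC", text))


def contains_raw_chevrons(text: str) -> bool:
    """Post-condition a defender can assert on sanitizer output: no unescaped
    angle brackets may remain once every transformation has run."""
    return "<" in text or ">" in text


if __name__ == "__main__":
    for name, pipeline in (("unsafe", unsafe_pipeline), ("safe", safe_pipeline)):
        out = pipeline(SAMPLE)
        print(f"{name}: {out!r} raw_chevrons={contains_raw_chevrons(out)}")
```

The post-condition is the useful regression test: run it over the final output of the whole pipeline, not over the cleaner's return value alone.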
| Release | Status | Note |
|---|---|---|
| devel | DNE | |
| esm-apps/jammy | needed | |
| esm-apps/noble | needed | |
| esm-infra/focal | DNE | |
| focal | DNE | |
| jammy | needed | |
| mantic | DNE | |
| noble | needed | |
| oracular | ignored | end of life, was needed |
| plucky | DNE | |
Source links
EPSS
CVSS3: 6.1 Medium
Related vulnerabilities
Arbitrary HTML present after sanitization because of unicode normalization
EPSS
CVSS3: 6.1 Medium