GSA / 889-tool

Web service for determining 889 compliance of vendors

Dependabot Alert: DOMPurify allows tampering by prototype pollution #332

Open JennaySDavis opened 1 week ago

JennaySDavis commented 1 week ago

It has been discovered that malicious HTML using special nesting techniques can bypass the depth checking added to DOMPurify in recent releases. It was also possible to use Prototype Pollution to weaken the depth check.
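
The second half of that alert (a depth check weakened through prototype pollution) is easiest to understand with a small model. The following is an added illustration, not DOMPurify's code: a depth limit read from a plain config object picks up a value planted on `Object.prototype`, while a lookup that honours only own properties and keeps its default on a null-prototype object does not. The `MAX_DEPTH` key, the 255 default and the node tree are constructed for the example.

```javascript
// Added example, not DOMPurify's code. MAX_DEPTH and the 255 default are
// assumptions for the illustration.
const DEFAULT_MAX_DEPTH = 255;

// Naive lookup: `cfg.MAX_DEPTH` walks the prototype chain, so a value
// planted on Object.prototype is honoured whenever cfg lacks its own.
function naiveMaxDepth(cfg) {
  return typeof cfg.MAX_DEPTH === 'number' ? cfg.MAX_DEPTH : DEFAULT_MAX_DEPTH;
}

// Hardened lookup: only own properties count, and the default lives on a
// null-prototype object that nothing inherited can shadow.
const DEFAULTS = Object.assign(Object.create(null), { MAX_DEPTH: DEFAULT_MAX_DEPTH });
function safeMaxDepth(cfg) {
  const own = Object.prototype.hasOwnProperty.call(cfg, 'MAX_DEPTH');
  return own && typeof cfg.MAX_DEPTH === 'number' ? cfg.MAX_DEPTH : DEFAULTS.MAX_DEPTH;
}

// Depth check over a constructed node tree of the form { name, children }.
function exceedsDepth(node, limit, depth = 0) {
  if (depth > limit) return true;
  return (node.children || []).some((c) => exceedsDepth(c, limit, depth + 1));
}

// Build a constructed chain of nested nodes `n` levels deep.
function chain(n) {
  let node = { name: 'leaf', children: [] };
  for (let i = 0; i < n; i++) node = { name: 'div', children: [node] };
  return node;
}

// Compare both lookups while Object.prototype carries a simulated polluted
// MAX_DEPTH; the pollution is removed again in `finally`.
function compare(pollutedValue) {
  const cfg = {}; // the caller set no MAX_DEPTH of its own
  Object.prototype.MAX_DEPTH = pollutedValue; // simulated pollution
  try {
    const deep = chain(300); // deeper than the 255 default
    return {
      naiveLimit: naiveMaxDepth(cfg),
      safeLimit: safeMaxDepth(cfg),
      naiveRejects: exceedsDepth(deep, naiveMaxDepth(cfg)),
      safeRejects: exceedsDepth(deep, safeMaxDepth(cfg)),
    };
  } finally {
    delete Object.prototype.MAX_DEPTH;
  }
}
```

With the prototype polluted, the naive lookup reports the planted limit and accepts the 300-level tree, while the hardened lookup still enforces 255 and rejects it.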

JennaySDavis commented 2 days ago

332 Acceptance Criteria

| Pass/Fail | Description |
|-----------|-------------|
| Pass | Full Regression Testing of 889 Tool |

Comments/Additional Notes N/A

ADA Compliance (Automated scan via Chrome Lighthouse)

| Criteria | Score |
|----------|-------|
| Performance | 98 |
| Accessibility | 96* |
| Best Practices | 100 |

*Accessibility score will increase when this ticket is completed: Bug: Accessibility Issue; Lists do not contain only `<li>` elements and script supporting elements (`<script>` and `<template>`).