fecgov / fec-pattern-library

Pattern Library for FEC.gov
https://fec-pattern-library.app.cloud.gov/

[Snyk: Med] Template Injection (Due 07/29/24) #223

Closed tmpayton closed 2 months ago

tmpayton commented 3 months ago

Affecting dompurify package, versions <2.4.9 >=3.0.0 <3.0.11

How to fix? Upgrade dompurify to version 2.4.9, 3.0.11 or higher.

Overview dompurify is a DOM-only XSS sanitizer for HTML, MathML and SVG.

Affected versions of this package are vulnerable to Template Injection in purify.js, due to inconsistencies in the parsing of XML and HTML tags. Executable code can be injected in HTML inside XML CDATA blocks.

Completion Criteria
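A defender-side check for the version ranges quoted in the advisory above, added here as an example and not code from the fec-pattern-library repo or from Snyk: it classifies an installed dompurify version against the affected ranges (<2.4.9 and >=3.0.0 <3.0.11) and names the fix version to move to. The installed-version map at the bottom is constructed sample data, not output from this repository.

```javascript
// Added example: flag dompurify versions inside the Snyk-affected ranges.
// Assumes plain MAJOR.MINOR.PATCH version strings (an optional leading "v"
// is tolerated; prerelease/build suffixes are ignored for the comparison).

function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(v.trim());
  if (!m) throw new Error(`not a MAJOR.MINOR.PATCH version: ${v}`);
  return m.slice(1, 4).map(Number);
}

// Comparator: -1 if a < b, 0 if equal, 1 if a > b (numeric, not lexical).
function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// Affected ranges from the advisory on this issue, each with its fix version.
// Every range is a half-open interval [min, max): min inclusive, max excluded.
const AFFECTED_RANGES = [
  { min: null,    max: '2.4.9',  fixed: '2.4.9'  }, // <2.4.9
  { min: '3.0.0', max: '3.0.11', fixed: '3.0.11' }, // >=3.0.0 <3.0.11
];

// Returns { vulnerable, fixed } for one installed version.
function checkDompurify(version) {
  for (const r of AFFECTED_RANGES) {
    const aboveMin = r.min === null || compareVersions(version, r.min) >= 0;
    const belowMax = compareVersions(version, r.max) < 0;
    if (aboveMin && belowMax) return { vulnerable: true, fixed: r.fixed };
  }
  return { vulnerable: false, fixed: null };
}

// Constructed sample: dependency path -> installed version, including the
// transitive copy pulled in through fec-cms that the closing comment mentions.
const SAMPLE_INSTALLED = {
  'fec-cms/dompurify': '2.5.5',  // version the closing comment says was adopted
  'legacy/dompurify': '2.4.8',   // constructed: one patch below the 2.x fix
  'new/dompurify': '3.0.10',     // constructed: inside the 3.x affected range
};

// Audit every installed copy; an app is clean only if no entry is vulnerable.
function auditInstalled(installed) {
  const findings = {};
  for (const [path, version] of Object.entries(installed)) {
    findings[path] = checkDompurify(version);
  }
  return findings;
}

console.log(JSON.stringify(auditInstalled(SAMPLE_INSTALLED), null, 2));
```

Transitive copies matter here: as the closing comment notes, dompurify arrives via fec-cms, so the audit has to cover every resolved copy in the lockfile, not just direct dependencies.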

tmpayton commented 2 months ago

Closing this issue because dompurify is brought in through fec-cms.

And it was upgraded to v2.5.5 https://github.com/fecgov/fec-cms/pull/6322.