How to fix?
Upgrade dompurify to version 2.4.9, 3.0.11 or higher.
Overview
dompurify is a DOM-only XSS sanitizer for HTML, MathML and SVG.
Affected versions of this package are vulnerable to Template Injection in purify.js, due to inconsistencies in the parsing of XML and HTML tags. Executable code can be injected in HTML inside XML CDATA blocks.
Completion Criteria
[ ] Upgrade dompurify to version 2.4.9, 3.0.11 or higher.
Affects the dompurify package, versions <2.4.9 and >=3.0.0 <3.0.11
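To confirm the completion criterion across transitive dependencies, the following added example (not part of the original advisory or the dompurify project) scans an npm lockfile for dompurify copies that fall in the affected range. It assumes an npm lockfile v2/v3 `packages` map; the sample lockfile, its versions and the names `pdf-widget` and `md-viewer` are constructed for illustration.

```javascript
// Affected range from the advisory: <2.4.9, or >=3.0.0 and <3.0.11.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return { nums: [Number(m[1]), Number(m[2]), Number(m[3])], pre: Boolean(m[4]) };
}

// True when version a sorts before release version b (b has no pre-release part).
function isBefore(a, b) {
  const x = parseVersion(a), y = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (x.nums[i] !== y.nums[i]) return x.nums[i] < y.nums[i];
  }
  return x.pre; // same numbers: a pre-release precedes its release
}

function isAffected(version) {
  if (isBefore(version, "2.4.9")) return true;
  return !isBefore(version, "3.0.0") && isBefore(version, "3.0.11");
}

// Walk every installed copy, including ones nested under other packages.
function findAffectedDompurify(lock) {
  const hits = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    // Keys look like "node_modules/a/node_modules/dompurify"; match the exact package name.
    if (!path.endsWith("node_modules/dompurify")) continue;
    if (!entry.version) continue; // linked entries carry no version
    if (isAffected(entry.version)) hits.push({ path, version: entry.version });
  }
  return hits;
}

// Constructed sample lockfile (hypothetical project and dependency names).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/dompurify": { version: "3.0.11" },
    "node_modules/pdf-widget/node_modules/dompurify": { version: "2.4.7" },
    "node_modules/md-viewer/node_modules/dompurify": { version: "3.0.5" },
    "node_modules/isomorphic-dompurify": { version: "2.4.0" },
  },
};

console.log(findAffectedDompurify(sampleLock));
```

The top-level copy being fixed is not enough: the two nested copies in the sample are still reported, so the checklist item stays open until they are upgraded or overridden.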