Improper neutralization of input during web page generation ("Cross-site Scripting") in deno_doc HTML generator

Deno is a runtime for JavaScript and TypeScript written in rust. Several cross-site scripting vulnerabilities existed in the `deno_doc` crate which lead to Self-XSS with deno doc --html. 1.) XSS in generated `search_index.js`, `deno_doc` outputs a JavaScript file for searching. However, the generated file used `innerHTML` on unsanitzed HTML input. 2.) XSS via property, method and enum names, `deno_doc` did not sanitize property names, method names and enum names. The first XSS most likely didn't have an impact since `deno doc --html` is expected to be used locally with own packages.

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

在Web页面生成时对输入的转义处理不恰当(跨站脚本)

Deno 跨站脚本漏洞

Deno是Deno开源的一个简单、现代且安全的JavaScript和 TypeScript运行环境。它使用 V8 并使用 Rust 构建。 Deno存在跨站脚本漏洞，该漏洞源于deno_doc包中包含多个跨站脚本漏洞。

N/A

N/A