HtmlSanitizer vulnerable to XSS when used with contentEditable

HtmlSanitizer is a client-side HTML Sanitizer. Versions prior to 2.0.3 have a cross-site scripting vulnerability when the sanitizer is used with a `contentEditable` element to set the elements `innerHTML` to a sanitized string produced by the package. If the code is particularly crafted to abuse the code beautifier, that runs AFTER sanitation. The issue is patched in version 2.0.3.

N/A

在Web页面生成时对输入的转义处理不恰当(跨站脚本)

Mganss HtmlSanitizer 跨站脚本漏洞

Mganss HtmlSanitizer是Mganss个人开发者的一个基于C#、AngleSharp用于从清楚源代码中可能导致XSS攻击的HTML代码和文档的软件。 Mganss HtmlSanitizer 2.0.3之前版本存在跨站脚本漏洞，该漏洞源于与contentEditable元素一起使用时存在跨站脚本漏洞。

N/A

N/A