Title: Escape , and #20 Key Points: - Vulnerability: In HTML script elements, specific substrings ( , , and ) within a JSON string literal can switch the HTML parser state, even if contained in tags. - Impact: This can lead to script injection or disruption of script execution when used selectively. - Solution: The fix involves escaping these substrings to prevent parser state switching. - Examples: - Affected Versions: The vulnerability affects versions before . - CVE Assigned: CVE-2020-13973 - Fixed Version: The fix is included in version . - Timeline: - Discovered and discussed on June 4, 2020. - Merged fix on June 8, 2020. - CVE assigned and advisory updated on June 9, 2020.