Affected versions of sanitize-html are vulnerable to cross-site scripting.

`<img src>` produces the following: `<img src />`
This is definitely invalid HTML, but would suggest that it’s being interpreted incorrectly by the parser.
Update to version 1.2.3 or later.
CPE

Name | Operator | Version |
---|---|---|
sanitize-html | le | 1.2.2 |
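
To check whether a project still resolves an affected release, the following added example (not part of the advisory or of sanitize-html) walks a parsed npm lockfile and reports every sanitize-html copy at or below 1.2.2. The function names and the sample lockfile are constructed for illustration.

```javascript
const AFFECTED_MAX = "1.2.2"; // from the advisory table: sanitize-html le 1.2.2

// Compare two x.y.z versions; returns -1, 0 or 1. Pre-release tags are stripped
// first (assumption: a pre-release is treated as equal to its release).
function compareVersions(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Walk both lockfile layouts: "packages" (lockfileVersion 2/3, keyed by path)
// and nested "dependencies" (lockfileVersion 1). Returns [{ path, version }].
function findAffected(lock, name = "sanitize-html", max = AFFECTED_MAX) {
  const hits = [];
  const check = (path, version) => {
    if (typeof version === "string" && compareVersions(version, max) <= 0) {
      hits.push({ path, version });
    }
  };
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === `node_modules/${name}` || path.endsWith(`/node_modules/${name}`)) {
      check(path, meta.version);
    }
  }
  const walk = (deps, prefix) => {
    for (const [dep, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${dep}`;
      if (dep === name) check(path, meta.version);
      walk(meta.dependencies, `${path}/`);
    }
  };
  // v2 lockfiles carry both sections; walk "dependencies" only when
  // "packages" is absent so the same copy is not reported twice.
  if (!lock.packages) walk(lock.dependencies, "");
  return hits;
}

// Constructed sample lockfile: one fixed top-level copy, one affected nested copy.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "node_modules/sanitize-html": { version: "1.2.3" },
    "node_modules/legacy-widget/node_modules/sanitize-html": { version: "1.2.2" },
  },
};
console.log(findAffected(sampleLock));
```

Nested copies pulled in by other dependencies are reported with their full path, since updating only the top-level dependency leaves them in place.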