Safety vulnerability ID: 71890
The information on this page was manually curated by our Cybersecurity Intelligence Team.
An issue has been identified in the sanitizer's handling of Unicode normalization, which can leave arbitrary HTML in the output after sanitization. Specifically, when keep_typographic_whitespace=False (the default), the sanitizer normalizes the text to Unicode NFKC form at the end of the process, after the HTML has already been cleaned. Some Unicode characters normalize to chevrons (< and >) under NFKC, so specially crafted input can pass through the sanitizer without looking like markup and only become HTML tags after the final normalization step.
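To show why the ordering matters, here is an added example that is not the html-sanitizer project's own code: a toy tag-stripper stands in for the sanitizer and is run in both orders on a constructed input that uses fullwidth chevrons (U+FF1C and U+FF1E), one of the character pairs that NFKC folds to < and >. The function names and the empty-allowlist stripper are assumptions of this example.

```python
import re
import unicodedata

# Constructed input for this example: fullwidth chevrons (U+FF1C / U+FF1E)
# instead of ASCII "<" / ">". A sanitizer that looks for ASCII chevrons
# sees no tags here, but NFKC folds both characters to "<" and ">".
SAMPLE = "\uff1cb\uff1ebold\uff1c/b\uff1e"

TAG_RE = re.compile(r"<[^>]*>")


def strip_tags(text: str) -> str:
    """Toy stand-in for a sanitizer with an empty allowlist: drops every ASCII tag."""
    return TAG_RE.sub("", text)


def nfkc(text: str) -> str:
    """NFKC normalization, the step the advisory describes."""
    return unicodedata.normalize("NFKC", text)


def sanitize_then_normalize(text: str) -> str:
    """Vulnerable order: sanitize first, then normalize (as described above)."""
    return nfkc(strip_tags(text))


def normalize_then_sanitize(text: str) -> str:
    """Fixed order: fold compatibility characters before the sanitizer sees the input."""
    return strip_tags(nfkc(text))


def contains_markup(text: str) -> bool:
    """Post-condition a defender can assert: sanitized output must not contain chevrons."""
    return "<" in text or ">" in text


if __name__ == "__main__":
    for name, fn in (("sanitize-then-normalize", sanitize_then_normalize),
                     ("normalize-then-sanitize", normalize_then_sanitize)):
        out = fn(SAMPLE)
        print(f"{name}: {out!r} markup_present={contains_markup(out)}")
```

The same post-condition check works as a regression test against any sanitizer that performs normalization: run it on inputs containing compatibility characters and assert that no chevrons survive.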
Latest version: 2.4.4
HTML sanitizer