Sanitize -- XSS vulnerability
Fixed an HTML injection vulnerability that could allow XSS.
When Sanitize <= 4.6.2 is used in combination with libxml2 >= 2.9.2,
a specially crafted HTML fragment can cause libxml2 to generate
improperly escaped output, allowing non-whitelisted attributes to be
used on whitelisted elements.
Sanitize now performs additional escaping on affected attributes to
Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright