Improper rendering of text nodes in golang.org/x/net/html
Moderate severity
GitHub Reviewed
Published
Aug 2, 2023
to the GitHub Advisory Database
•
Updated Nov 8, 2023
Description
Published by the National Vulnerability Database
Aug 2, 2023
Published to the GitHub Advisory Database
Aug 2, 2023
Reviewed
Oct 11, 2023
Last updated
Nov 8, 2023
Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack.
References