[CVE-2020-27783] Prevent combinations of <math/svg> and <style> to sneak JavaScript... 16/256516/1 tizen_6.0_base submit/tizen_6.0_base/20210407.070332
author JinWang An <jinwang.an@samsung.com>
Tue, 6 Apr 2021 06:38:05 +0000 (15:38 +0900)
committer JinWang An <jinwang.an@samsung.com>
Tue, 6 Apr 2021 06:38:05 +0000 (15:38 +0900)
commit ff75f3c1d46d9d76a91ce066af4c77555f62616e
tree f414cd6d9afdd8ad91e749599c6a819e127fa4d0
parent 10c66aad5e201626baa7b803980af3e7f1e907ca
[CVE-2020-27783] Prevent combinations of <math/svg> and <style> to sneak JavaScript through the HTML cleaner.

A vulnerability (CVE-2020-27783) was discovered in the HTML Cleaner by Yaniv Nizry,
which allowed JavaScript to pass through.  The cleaner now removes more sneaky
"style" content.

Change-Id: Ic0411a54417df8d75cd2e86cf8ca36b7e2d80ab6
Signed-off-by: JinWang An <jinwang.an@samsung.com>
src/lxml/html/clean.py
src/lxml/html/tests/test_clean.py
src/lxml/html/tests/test_clean.txt