html-janitor@1.0.1 vulnerabilities
Cleans up your markup and allows you to take control of your HTML.
latest version
2.0.4
first published
11 years ago
latest version published
6 years ago
licenses detected
- >=0
Direct Vulnerabilities
Known vulnerabilities in the html-janitor package. This does not include vulnerabilities belonging to this package’s dependencies.
How to fix?
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free| Vulnerability | Vulnerable Version |
|---|---|
html-janitor is a library that cleans up your markup and allows you to take control of your HTML. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). Passing user-controlled data to the module's clean() function can result in arbitrary JS execution, because of unsafe DOM operations. How to fix Cross-site Scripting (XSS)? There is no fixed version for | * |
html-janitor is a library that cleans up your markup and allows you to take control of your HTML. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). Arbitrary HTML can pass the sanitization process, which can be unexpected and dangerous (XSS) in case user-controlled input is passed to the clean function. How to fix Cross-site Scripting (XSS)? Upgrade | <2.0.4 |