justhtml 1.9.1 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the justhtml package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
H Cross-site Scripting (XSS) justhtml is an A pure Python HTML5 parser that just works. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the `to_markdown` function when serializing attacker-controlled `<pre>` content. An attacker can execute arbitrary HTML or scripts by crafting input containing backticks and HTML-like text within a sanitized `<pre>` element, causing the generated Markdown to break out of the intended code block and render raw HTML when processed by Markdown renderers that allow raw HTML. How to fix Cross-site Scripting (XSS)? Upgrade `justhtml` to version 1.13.0 or higher.	[,1.13.0)
L Cross-site Scripting (XSS) justhtml is an A pure Python HTML5 parser that just works. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the serialization process of raw-text elements such as `script` and `style` when a custom sanitization policy retains these elements. An attacker can execute arbitrary scripts in the context of the affected application by injecting specially crafted text nodes that break out of the raw-text context and introduce malicious HTML or JavaScript. Note: This is only exploitable if a custom policy is used that allows `script` or `style` elements to be retained during sanitization. How to fix Cross-site Scripting (XSS)? Upgrade `justhtml` to version 1.12.0 or higher.	[,1.12.0)
M Cross-site Scripting (XSS) justhtml is an A pure Python HTML5 parser that just works. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the `to_markdown` function. An attacker can inject arbitrary HTML content by supplying specially crafted input that includes HTML-significant characters such as `<` and `>`, which are not properly escaped during Markdown serialization. This can lead to the execution of unintended scripts or markup when the generated Markdown is rendered. How to fix Cross-site Scripting (XSS)? Upgrade `justhtml` to version 1.12.0 or higher.	[,1.12.0)
H Uncontrolled Recursion justhtml is an A pure Python HTML5 parser that just works. Affected versions of this package are vulnerable to Uncontrolled Recursion in the construction, when parsing deeply nested HTML structures. An attacker can cause the application to terminate unexpectedly or fail requests by supplying HTML input with excessive nesting, which triggers unbounded recursion and results in an unhandled `RecursionError`. How to fix Uncontrolled Recursion? Upgrade `justhtml` to version 1.10.0 or higher.	[,1.10.0)

Vulnerability

Vulnerable Version

Cross-site Scripting (XSS)

justhtml is an A pure Python HTML5 parser that just works.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the to_markdown function when serializing attacker-controlled <pre> content. An attacker can execute arbitrary HTML or scripts by crafting input containing backticks and HTML-like text within a sanitized <pre> element, causing the generated Markdown to break out of the intended code block and render raw HTML when processed by Markdown renderers that allow raw HTML.

How to fix Cross-site Scripting (XSS)?

Upgrade justhtml to version 1.13.0 or higher.

[,1.13.0)

Cross-site Scripting (XSS)

justhtml is an A pure Python HTML5 parser that just works.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the serialization process of raw-text elements such as script and style when a custom sanitization policy retains these elements. An attacker can execute arbitrary scripts in the context of the affected application by injecting specially crafted text nodes that break out of the raw-text context and introduce malicious HTML or JavaScript.

Note: This is only exploitable if a custom policy is used that allows script or style elements to be retained during sanitization.

How to fix Cross-site Scripting (XSS)?

Upgrade justhtml to version 1.12.0 or higher.

[,1.12.0)

Cross-site Scripting (XSS)

justhtml is an A pure Python HTML5 parser that just works.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the to_markdown function. An attacker can inject arbitrary HTML content by supplying specially crafted input that includes HTML-significant characters such as < and >, which are not properly escaped during Markdown serialization. This can lead to the execution of unintended scripts or markup when the generated Markdown is rendered.

How to fix Cross-site Scripting (XSS)?

Upgrade justhtml to version 1.12.0 or higher.

[,1.12.0)

Uncontrolled Recursion

justhtml is an A pure Python HTML5 parser that just works.

Affected versions of this package are vulnerable to Uncontrolled Recursion in the construction, when parsing deeply nested HTML structures. An attacker can cause the application to terminate unexpectedly or fail requests by supplying HTML input with excessive nesting, which triggers unbounded recursion and results in an unhandled RecursionError.

How to fix Uncontrolled Recursion?

Upgrade justhtml to version 1.10.0 or higher.

[,1.10.0)

justhtml@1.9.1 vulnerabilities

A pure Python HTML5 parser that just works.

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities

Fix vulnerabilities automatically