justhtml, Sanitization Bypass, GHSA-vrx2-77f2-ww34 (Medium)

Listen to this Post

The vulnerability manifests in four ways when custom policies are used: First, by preserving foreign namespaces (SVG/MathML) via a custom policy, an attacker can inject active HTML integration points (e.g., <foreignObject>, <annotation‑xml>) or mutation‑XSS payloads that survive sanitization, as well as SVG `filter=”url(…)”` attributes that trigger external fetches. Second, policies that keep `