symfony/ux-icons
php · symfony/ux-icons · Heads-up
symfony/ux-icons: XSS via unsanitized SVG in ux_icon() and Icon::toHtml()
The ux_icon() Twig function and Icon::toHtml() inlined SVG without sanitization, allowing XSS via script elements and event handle
20 Jun 2026