typo3/html-sanitizer
php · typo3/html-sanitizerHeads-up
typo3/html-sanitizer: Whitespace-variant closing tags bypass sanitization when ALLOW_INSECURE_RAW_TEXT is enabled
When ALLOW_INSECURE_RAW_TEXT is enabled, the sanitizer fails to recognize whitespace-variant closing tags (e.
13 Jun 2026 · schedule it
php · typo3/html-sanitizerHeads-up
typo3/html-sanitizer: Namespace attribute encoding bypass (XSS)
Namespace attributes are not encoded correctly during HTML serialization, allowing bypass of the cross-site scripting prevention m
13 Jun 2026 · schedule it