JuliaComputing HTMLSanitizer.jl
cpe:2.3:a:htmlsanitizer_project:htmlsanitizer:*:*:*:*:*:*:*
- <= 0.2.0
A vulnerability in HTMLSanitizer.jl, a whitelist-based HTML sanitizer for Julia, allows for tag injection and execution of JavaScript. This issue arises when the style tag is added to the whitelist; content within the tag is improperly unescaped, and closing tags injected as content are treated as real HTML. This vulnerability affects versions of HTMLSanitizer.jl through 0.2.0 and could lead to cross-site scripting (XSS) in any HTML sanitized with this library.
Exploitation of this vulnerability could lead to cross-site scripting (XSS) in any HTML sanitized with HTMLSanitizer.jl.
To reproduce this vulnerability, add the style tag to the whitelist and sanitize input containing SVG and style elements. The sanitizer will incorrectly process the style content, allowing injection of closing tags and execution of JavaScript.
Users should upgrade to HTMLSanitizer.jl version 0.2.1 or later, where this vulnerability has been patched. In version 0.2.1, SVG and math tags are removed by default. For versions prior to 0.2.1, add the math and SVG elements to the whitelist manually.
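A check for the upgrade advice above, as an added example that is not part of the advisory or of the HTMLSanitizer.jl project: it scans the text of a Julia `Manifest.toml` for HTMLSanitizer entries older than 0.2.1. The manifest snippets are constructed samples (trimmed, with a made-up Gumbo version), and the line-based scan assumes the layout that Pkg generates.

```python
import re

PACKAGE = "HTMLSanitizer"
FIXED = (0, 2, 1)  # first patched release, per the advisory

# Pkg writes [[HTMLSanitizer]] (manifest format 1) or [[deps.HTMLSanitizer]] (format 2).
HEADER = re.compile(r"^\[\[(?:deps\.)?([^\]]+)\]\]$")
VERSION = re.compile(r'^version\s*=\s*"(\d+)\.(\d+)\.(\d+)')


def vulnerable_entries(manifest_text):
    """Return the version strings of HTMLSanitizer entries older than 0.2.1."""
    hits, current = [], None
    for raw in manifest_text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            current = header.group(1)   # start of a package entry
            continue
        if line.startswith("["):
            current = None              # sub-table such as [deps.X.deps]
            continue
        found = VERSION.match(line)
        if found and current == PACKAGE:
            if tuple(int(part) for part in found.groups()) < FIXED:
                hits.append(".".join(found.groups()))
    return hits


# Constructed sample, manifest format 2, pinned to an affected release.
SAMPLE_V2 = '''
manifest_format = "2.0"

[[deps.Gumbo]]
version = "0.1.0"

[[deps.HTMLSanitizer]]
deps = ["Gumbo"]
version = "0.2.0"
'''

# Constructed sample, manifest format 1, already on the patched release.
SAMPLE_V1 = '''
[[HTMLSanitizer]]
deps = ["Gumbo"]
version = "0.2.1"
'''

if __name__ == "__main__":
    print(vulnerable_entries(SAMPLE_V2), vulnerable_entries(SAMPLE_V1))
```

Run it over every `Manifest.toml` in a repository, since nested environments (docs, test) pin their own versions.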