GHSA-p2g9-94wh-65c2: Space bug in `clean_text`
An incorrect mapping from the HTML specification's whitespace characters to ASCII codes was used, so `clean_text` did not escape the Form Feed character (U+000C). Because HTML treats the Form Feed as whitespace, code like this has an injection bug when the escaped value is placed in an unquoted attribute:
let html = format!("<div class={}>", clean_text(user_supplied_string));
Applications are not affected if they quote their attributes, or if they don't use clean_text at all.
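The bug class above, as an added example that is not ammonia's own code: a minimal text escaper that forgets the Form Feed, the corrected variant that escapes every HTML whitespace character (TAB, LF, FF, CR, SPACE), and a check a reviewer can use to confirm an escaped value can no longer terminate an unquoted attribute. All function names are hypothetical.

```rust
// Added example; names and logic are illustrative, not ammonia's implementation.

/// HTML "ASCII whitespace" as defined by the WHATWG spec.
fn is_html_whitespace(c: char) -> bool {
    matches!(c, '\t' | '\n' | '\u{0C}' | '\r' | ' ')
}

/// Shared escaping of markup-significant characters.
fn escape_markup(c: char, out: &mut String) -> bool {
    match c {
        '<' => out.push_str("&lt;"),
        '>' => out.push_str("&gt;"),
        '&' => out.push_str("&amp;"),
        '"' => out.push_str("&quot;"),
        '\'' => out.push_str("&#39;"),
        _ => return false,
    }
    true
}

/// Buggy variant: whitespace is escaped from an incomplete list that
/// omits Form Feed (U+000C), the mistake the advisory describes.
fn clean_text_buggy(s: &str) -> String {
    let mut out = String::with_capacity(s.len());
    for c in s.chars() {
        if escape_markup(c, &mut out) {
            continue;
        }
        match c {
            '\t' | '\n' | '\r' | ' ' => out.push_str(&format!("&#{};", c as u32)),
            _ => out.push(c),
        }
    }
    out
}

/// Fixed variant: every HTML whitespace character is numerically escaped,
/// so the output cannot end an unquoted attribute value.
fn clean_text_fixed(s: &str) -> String {
    let mut out = String::with_capacity(s.len());
    for c in s.chars() {
        if escape_markup(c, &mut out) {
            continue;
        }
        if is_html_whitespace(c) {
            out.push_str(&format!("&#{};", c as u32));
        } else {
            out.push(c);
        }
    }
    out
}

/// True if `escaped` still contains raw HTML whitespace, i.e. it would
/// terminate an unquoted attribute value and let further text be parsed
/// as new attributes.
fn breaks_unquoted_attribute(escaped: &str) -> bool {
    escaped.chars().any(is_html_whitespace)
}
```

Running `breaks_unquoted_attribute` over the output of both escapers on a constructed input containing U+000C shows the buggy variant leaking the raw character and the fixed variant emitting `&#12;`.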