* Fixed a bug where Unicode escapes in CSS were not properly decoded before
security checks. This prevents attackers from bypassing filters using
escape sequences. (CVE-2026-28348) (bsc#1259378)
* Fixed a security issue where <base> tags could be used for URL hijacking
attacks. The <base> tag is now automatically removed whenever the <head>
tag is removed (via page_structure=True or manual configuration), as <base>
must be inside <head> according to HTML specifications. (CVE-2026-28350)
(bsc#1259379)
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-lxml_html_clean?expand=0&rev=11
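
The first item above concerns checks that ran on raw CSS text before escapes were decoded. The following is an added illustration, not code from lxml_html_clean or from this changelog: a simplified CSS escape decoder applied before a keyword check. The `BLOCKED` list, the function names and the sample strings are constructed for the example.

```python
import re

# Constructed keyword list for illustration; not lxml_html_clean's actual checks.
BLOCKED = ("expression(", "javascript:", "@import")

# A CSS escape is a backslash followed by either 1-6 hex digits (plus one
# optional whitespace terminator) or any single non-newline character.
_CSS_ESCAPE = re.compile(
    r"\\(?:([0-9a-fA-F]{1,6})(?:\r\n|[ \t\r\n\f])?|([^\r\n\f]))"
)


def decode_css_escapes(css: str) -> str:
    """Return css with backslash escapes replaced by the characters they encode."""
    def repl(match: re.Match) -> str:
        hex_digits, literal = match.group(1), match.group(2)
        if hex_digits is None:
            return literal  # e.g. "\:" decodes to ":"
        code_point = int(hex_digits, 16)
        # NUL, surrogates and out-of-range values become U+FFFD.
        if code_point == 0 or code_point > 0x10FFFF or 0xD800 <= code_point <= 0xDFFF:
            return "\ufffd"
        return chr(code_point)
    return _CSS_ESCAPE.sub(repl, css)


def is_suspicious(css: str, decode: bool = True) -> bool:
    """Keyword check; decode=False reproduces a check on the raw text."""
    text = decode_css_escapes(css) if decode else css
    text = text.lower()
    return any(keyword in text for keyword in BLOCKED)


# Constructed sample inputs.
SAMPLES = [
    r"width: \65 xpression(1)",        # "\65 " decodes to "e"
    r"@\69mport 'x.css'",              # "\69" decodes to "i"
    r"content: '\201C quoted\201D'",   # benign typographic quotes
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r}: raw={is_suspicious(sample, decode=False)} "
              f"decoded={is_suspicious(sample)}")
```
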