**Security fixes**
* ``bleach.clean`` behavior parsing ``noscript`` tags did not match
browser behavior.
Calls to ``bleach.clean`` allowing ``noscript`` and one or more of
the raw text tags (``title``, ``textarea``, ``script``, ``style``,
``noembed``, ``noframes``, ``iframe``, and ``xmp``) were vulnerable
to a mutation XSS.
This security issue was confirmed in Bleach versions v2.1.4, v3.0.2,
and v3.1.0. Earlier versions are probably affected too.
Anyone using Bleach <=v3.1.0 is highly encouraged to upgrade.
https://bugzilla.mozilla.org/show_bug.cgi?id=1615315
**Backwards incompatible changes**
None
**Features**
None
**Bug fixes**
None
Assets
2
-
2020-02-19T17:36:01Z
-
2020-02-19T17:36:01Z
-