Skip to content

v0.1.0-beta.4 - CodeQL HIGH fix

Pre-release
Pre-release

Choose a tag to compare

@HetCreep HetCreep released this 09 Jul 06:43
v0.1.0-beta.4
e09ab56

CodeQL HIGH fix: js/incomplete-multi-character-sanitization on the HTML-comment strip now strips to a FIXED POINT (repeat until stable) - the canonical fix for an overlapping-marker bypass. bad-tag-filter (the parser is a CommonMark block-classifier, not a security sanitizer - HTML is passthrough-flagged, never sanitized), the dead-code notes, and Scorecard posture are dismissed-with-reason.