jason v1.2.1 Release Notes
Release Date: 2020-05-04
🔒 Security
- 🛠 Fix `html_safe` escaping in `Jason.encode`

  The `<!--` sequence of characters would not be escaped in `Jason.encode` with `html_escape` mode, which could lead to DoS attacks when used for embedding of arbitrary, user controlled strings into HTML through JSON (e.g. inside of `<script>` tags).

  If you were not using the `html_safe` option, you are not affected.

  Affected versions: < 1.2.1
  Patched versions: >= 1.2.1
- 🛠 Fix
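The escaping gap described in the Security entry above, shown as an added example in JavaScript; it is not Jason's code or its escaping algorithm. It puts an encoder that only neutralises the closing tag beside one that leaves no HTML-significant sequence in JSON meant for a `<script>` block. The function names and the sample value are hypothetical and constructed for illustration.

```javascript
// Added example, not taken from Jason. All names here are hypothetical.

// Weak form: only the closing-tag sequence "</" is neutralised.
// "<!--" and "<script" pass through untouched, which is the class of gap
// the release note describes for html-safe output.
function encodeClosingTagOnly(value) {
  return JSON.stringify(value).replace(/<\//g, '<\\/');
}

// Hardened form: every "<", ">", "&", U+2028 and U+2029 becomes a \uXXXX
// escape, so no HTML token can appear in the output. The result is still
// valid JSON and parses back to the same value.
const HTML_SENSITIVE = /[<>&\u2028\u2029]/g;
function encodeForScript(value) {
  return JSON.stringify(value).replace(
    HTML_SENSITIVE,
    (ch) => '\\u' + ch.charCodeAt(0).toString(16).padStart(4, '0')
  );
}

// Sequences the HTML tokenizer gives meaning to inside script content.
// A defender can run this over encoder output as a regression check.
function htmlSignificant(json) {
  const lower = json.toLowerCase();
  return ['<!--', '<script', '</script'].filter((s) => lower.includes(s));
}

// Constructed sample: a user-controlled string carrying those sequences.
const sample = { comment: 'hi <!-- <script> </script> there' };

const weak = encodeClosingTagOnly(sample);
const hardened = encodeForScript(sample);

console.log(weak, htmlSignificant(weak));
console.log(hardened, htmlSignificant(hardened));
```

A check like `htmlSignificant` fits in a test suite for any template helper that writes JSON into `<script>` tags, so a dependency downgrade below the patched version shows up as a failing test.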