CVE-2025-29771

Name of the Vulnerable Software and Affected Versions: HtmlSanitizer versions prior to 2.0.3

Description: The issue is a cross-site scripting vulnerability that occurs when HtmlSanitizer is used with a contentEditable element to set the element's innerHTML to a sanitized string produced by the package. If the code is particularly crafted to abuse the code beautifier that runs after sanitation, it can lead to exploitation.

Recommendations: For versions prior to 2.0.3, update to version 2.0.3 to resolve the issue. As a temporary workaround, consider disabling the use of contentEditable elements with HtmlSanitizer until the update is applied. Restrict access to the code beautifier function to minimize the risk of exploitation. Avoid using the innerHTML property to set sanitized strings produced by HtmlSanitizer in contentEditable elements until the issue is resolved.