Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack.
{ "review_status": "REVIEWED", "url": "https://pkg.go.dev/vuln/GO-2023-1988" }
{ "imports": [ { "path": "golang.org/x/net/html", "symbols": [ "Render", "render1" ] } ] }