Re: jquery / CVE-2020-7656
> Have you considered the possibility of back porting the parseHTML
I did consider this. However, as I implied last time — and you have
lots of edge-cases, and that is before we consider the inconsistencies
of a higher-level API like jQuery and the underlying DOM APIs etc. etc.
I would therefore very mindful about introducing regressions by this
apparently simple approach.
In any case, I have a few other things on my plate (including fixing
some upstream-introduced regressions in Django) so I would not be able
to look at this before you would. In any case, I only know enough
help here, but you have my moral support.
: :' : Chris Lamb
`. `'` firstname.lastname@example.org 🍥 chris-lamb.co.uk