The HTML parser mishandled certain namespaced elements in foreign content,
causing them to be incorrectly rendered. This can lead to XSS when rendering
parsed HTML.
Thanks to ensy for reporting this issue.
This is CVE-2026-42506 and Go issue https://go.dev/issue/79571.
This was a PRIVATE track issue, tracked in http://b/502106954.
The HTML parser mishandled certain namespaced elements in foreign content,
causing them to be incorrectly rendered. This can lead to XSS when rendering
parsed HTML.
Thanks to ensy for reporting this issue.
This is CVE-2026-42506 and Go issue https://go.dev/issue/79571.
This was a PRIVATE track issue, tracked in http://b/502106954.