id,summary,reporter,owner,description,type,status,priority,milestone,component,version,resolution,keywords,cc
455,An attacker can bypass HTML sanitization based on CSS,jomae,hodgestar,"The current `HTMLSanitizer` has XSS vulnerabilities based on CSS. The details is in http://heideri.ch/jso/#80, http://heideri.ch/jso/#61 and http://openmya.hacker.jp/hasegawa/security/expression.txt.

The same issue in Trac has been fixed in trac:r10788 and I hope the [trac:source:branches/0.12-stable/trac/util/tests/html.py unit tests] are helpful.",defect,closed,critical,0.6.1,General,0.6,fixed,,