Rated 1 Stars (out of 5) - What the release notes don't tell you is that: (1) The old version of the sanitizer is completely vulnerable to XSS attacks in IE, due to a CSS parsing error, and (2) this patch "fixes" it by removing all CSS and various other harmless tags and attributes (such as <b> tags and HREF attributes). If you intend to sanitize any kind of HTML at all, use something else.
↧