Uncontrolled recursion DoS in JustHTML() via deeply nested HTML
justhtml through 1.9.1 allows denial of service via deeply nested HTML. During parsing, JustHTML.init() always reaches TreeBuilder.finish(), which unconditionally calls _populate_selectedcontent(). That function recursively traverses the DOM via _find_elements() / _find_element() without a depth bound, allowing attacker-controlled deeply nested input to trigger an unhandled RecursionError on CPython. Depending on the host application's exception handling, this can abort parsing, fail requests, or terminate a worker/process.