GHSA-vrx2-77f2-ww34: justhtml has sanitization bypass in custom policies and programmatic DOM
justhtml 1.17.0 fixes multiple security issues in sanitization, serialization, and programmatic DOM handling.
Most of these issues affected advanced or custom configurations rather than the default safe path.