We only support the latest version of PyHTML, but are open to backporting security fixes to earlier versions on-request.
We take the security of PyHTML very seriously. If you have discovered a vulnerability in PyHTML, please disclose it responsibly.
Some vulnerabilities we consider to be high-severity are:
- Bugs where HTML, JS or CSS code can be embedded within PyHTML output
without making use of the
p.style, p.DangerousRawHtmlorp.script` tags. - Bugs where the act of rendering PyHTML can trigger remote code execution
given seemingly-correct input (eg a
stror descendant ofp.Tag).
You should disclose these vulnerabilities by creating a private issue on the project's GitHub repo. We will aim to fix these issues as quickly as possible.