Hi, we are using HTML Purifier to sanitize the HTML code we are saving in our application. This week's security scan with Fortify detected a Cross Site Scripting (Reflected) vulnerability issue in DOMLex.php (Lexer folder), which uses the loadHTML() function on lines 79 and 81. Upon checking the current new version 4.15, loadHTML() is still used there as well.
Any idea how to fix this issue?
I also attached the details coming from the Fortify Scan.
htmlpurifier-4.15.0/library/HTMLPurifier/Lexer/DOMLex.php