<script>
element to confuse the HTML parser as to where the <script>
element ends. If the attacker also controls other content, e.g. a string of non-JavaScript content adjacent to the <script>
element, this can lead to arbitrary JavaScript execution.See #20 (comment) for details.
CVE-2020-13973