The new `<selectedcontent>` element establishes a somewhat new pattern. Similar to `<svg use>`, it can refer to existing content and clone it into itself.
If I read this correctly, the element allows new tricks where the attacker can now copy interesting content from the page into the sanitizer output, even if the sanitizer would not let it through.