[原文]The _writeAttrs function in SafeHTML before 1.3.2 does not properly handle quotes in attribute values, which could allow remote attackers to exploit cross-site scripting (XSS) vulnerabilities in applications that rely on SafeHTML for protection.
SafeHTML contains a flaw that may allow a malicious user to bypass security in the quoting of HTML entrires. The issue is triggered when the _writeAttrs() function incorrectly handles specifically crafted HTML. It is possible that the flaw may allow a security bypass resulting in a loss of integrity.
Upgrade to version 1.3.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.