GHSA-8rfp-98v4-mmr6: Bleach: URI sanitization allows disallowed URI schemes with Unicode > U+00A0 in output
Summary
Bleach, a library that removes dangerous content from HTML, has a vulnerability where it fails to block disallowed URI schemes (like javascript:) when Unicode characters (special invisible characters above U+00A0) are inserted into them. While modern browsers won't execute these malformed links, the vulnerability breaks Bleach's safety promise, and if downstream systems normalize these Unicode characters, the dangerous links could become executable.
Solution / Mitigation
Users should upgrade to Bleach 6.4.0. As a workaround, pre-process content to remove non-ASCII characters from URI schemes before sanitizing with bleach.clean, or implement a strong Content-Security-Policy (a security header that restricts what scripts can run on a webpage) that does not allow unsafe-inline or unsafe-eval in script-src.
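An added defender-side check, not code from Bleach or from the advisory: it parses the (already sanitized) HTML and flags any URI attribute whose scheme, after dropping every character outside the RFC 3986 scheme alphabet (which covers the characters above U+00A0 the advisory describes), is outside an allowlist. The allowlist, the set of URI attributes and the sample markup are assumptions.

```python
from html.parser import HTMLParser
import re

# Assumptions (not from the advisory): the allowlist mirrors bleach's default
# ALLOWED_PROTOCOLS of http, https and mailto, and these attributes carry URIs.
ALLOWED_PROTOCOLS = {"http", "https", "mailto"}
URI_ATTRIBUTES = {"href", "src", "action", "formaction"}
_NOT_SCHEME_CHAR = re.compile(r"[^A-Za-z0-9+.\-]")

def normalized_scheme(value):
    """Return the scheme a downstream normalizer could end up seeing, or None
    if the value is relative. The text before the first ':' is the scheme
    candidate; anything outside the RFC 3986 scheme alphabet (this includes
    the advisory's characters above U+00A0) is dropped before comparison."""
    head, sep, _ = value.partition(":")
    if not sep or any(c in head for c in "/?#"):
        return None  # no ':' at all, or a ':' inside a path/query/fragment
    return _NOT_SCHEME_CHAR.sub("", head).lower() or None

def is_allowed_uri(value):
    scheme = normalized_scheme(value)
    return scheme is None or scheme in ALLOWED_PROTOCOLS

class _UriAuditor(HTMLParser):
    def __init__(self):
        super().__init__()  # convert_charrefs=True, so &#173; is decoded too
        self.findings = []
    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in URI_ATTRIBUTES and value and not is_allowed_uri(value):
                self.findings.append((tag, name, normalized_scheme(value)))

def audit_uri_attributes(html):
    """Post-sanitization check: (tag, attribute, normalized scheme) for every
    URI attribute whose normalized scheme is outside the allowlist."""
    parser = _UriAuditor()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample: a soft hyphen (U+00AD) inserted into the scheme, as the
# advisory describes, next to ordinary links that must pass unflagged.
SAMPLE = ('<a href="java\u00adscript:void(0)">x</a>'
          '<a href="https://example.com/a:b">ok</a>'
          '<a href="/docs?q=a:b">rel</a>')

if __name__ == "__main__":
    print(audit_uri_attributes(SAMPLE))  # [('a', 'href', 'javascript')]
```

Run it over the output of bleach.clean as a belt-and-braces check until the upgrade to 6.4.0 is in place; a non-empty result means a scheme slipped through that should have been dropped.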
Original source: https://github.com/advisories/GHSA-8rfp-98v4-mmr6
First tracked: June 16, 2026 at 02:00 PM
Classified by LLM (prompt v3) · confidence: 70%