DOC-3243: Pasting an HTML document was vulnerable to XSS attacks on link element href attribute (#4031)

kemister85 · MitchC1999 · web-flow · commit 568da5e7f082 · 2026-03-26T10:23:57.000+10:00
* Docs: DOC-3243 - Pasting an HTML document was vulnerable to XSS attacks on link element href attribute * Update modules/ROOT/pages/8.4.0-release-notes.adoc Co-authored-by: Mitchell Crompton <mitchell.crompton@tiny.cloud> --------- Co-authored-by: Mitchell Crompton <mitchell.crompton@tiny.cloud>
diff --git a/modules/ROOT/pages/8.4.0-release-notes.adoc b/modules/ROOT/pages/8.4.0-release-notes.adoc
@@ -84,6 +84,20 @@ The {productname} {release-version} release includes an accompanying release of
 
 For information on the **<Premium plugin name 1>** plugin, see: xref:<plugincode>.adoc[<Premium plugin name 1>].
 
+=== Full Page HTML
+
+The {productname} {release-version} release includes an accompanying release of the **Full Page HTML** premium plugin.
+
+**Full Page HTML** includes the following fix.
+
+==== Pasting an HTML document was vulnerable to XSS attacks
+// #TINY-13673
+
+A cross-site scripting (XSS) vulnerability was discovered in the Full Page HTML plugin. Previously, malicious code within the document `<head>` was able to be executed when pasted.
+
+This vulnerability has been patched in {productname} {release-version} by ensuring that content in the document `<head>` is properly encoded.
+
+For information on the **Full Page HTML** plugin, see: xref:fullpagehtml.adoc[Full Page HTML].
 
 [[accompanying-premium-plugin-end-of-life-announcement]]
 == Accompanying Premium plugin end-of-life announcement
