It was reported that python-bleach, a whitelist-based HTML-sanitizing library, is prone to a mutation XSS vulnerability in bleach.clean when strip=False and "math" or "svg" tags and one or more of the RCDATA tags were whitelisted.