source: https://www.securityfocus.com/bid/67159/info
lxml is prone to a security-bypass vulnerability.
An attacker can leverage this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks.
Versions prior to lxml 3.3.5 are vulnerable.
from lxml.html.clean import clean_html
html = '''\
aaa
bbb
bbb
bbb
bbb
bbb
bbb
bbb
bbb
bbb
'''
print clean_html(html)
Output: