syncfusion
diff --git a/‎controls/barcodegenerator/CHANGELOG.md
+1-1 b/‎controls/barcodegenerator/CHANGELOG.md
+1-1
diff --git a/‎controls/barcodegenerator/package.json
+1-1 b/‎controls/barcodegenerator/package.json
+1-1
diff --git a/‎controls/base/CHANGELOG.md
+8 b/‎controls/base/CHANGELOG.md
+8
diff --git a/‎controls/base/package.json
+2-2 b/‎controls/base/package.json
+2-2
diff --git a/‎controls/base/spec/santize-helper.spec.ts
+4 b/‎controls/base/spec/santize-helper.spec.ts
+4
diff --git a/‎controls/base/src/sanitize-helper.ts
+12-3 b/‎controls/base/src/sanitize-helper.ts
+12-3
diff --git a/‎controls/buttons/CHANGELOG.md
+1-1 b/‎controls/buttons/CHANGELOG.md
+1-1
diff --git a/‎controls/buttons/package.json
+1-1 b/‎controls/buttons/package.json
+1-1
diff --git a/‎controls/calendars/package.json
+2-2 b/‎controls/calendars/package.json
+2-2
@@ -2,7 +2,7 @@
 
 ## [Unreleased]
 
-## 27.1.51 (2024-09-30)
+## 27.1.52 (2024-10-08)
 
 ### Barcode
 
 
@@ -28,7 +28,7 @@
 		"canteen": "^1.0.5",
 		"jasmine-ajax": "^3.3.1",
 		"jasmine-core": "^2.6.1",
-		 "karma": "6.4.2",
+		"karma": "^1.7.0",
 		"karma-chrome-launcher": "^2.2.0",
 		"karma-generic-preprocessor": "^1.1.0",
 		"karma-htmlfile-reporter": "^0.3.5",
 
@@ -2,6 +2,14 @@
 
 ## [Unreleased]
 
+## 27.1.52 (2024-10-08)
+
+### Common
+
+#### Bug Fixes
+
+- `#I628053` - Resolved an issue where the sanitizer function did not properly handle HTML entities.
+
 ## 23.2.6 (2023-11-28)
 
 ### Common
 
@@ -1,6 +1,6 @@
 {
 	"name": "@syncfusion/ej2-base",
-	"version": "27.1.48",
+	"version": "27.1.50",
 	"description": "A common package of Essential JS 2 base libraries, methods and class definitions",
 	"author": "Syncfusion Inc.",
 	"license": "SEE LICENSE IN license",
@@ -60,7 +60,7 @@
 		"canteen": "^1.0.5",
 		"jasmine-ajax": "^3.3.1",
 		"jasmine-core": "^2.6.1",
-		 "karma": "6.4.2",
+		"karma": "^1.7.0",
 		"karma-chrome-launcher": "^2.2.0",
 		"karma-generic-preprocessor": "^1.1.0",
 		"karma-htmlfile-reporter": "^0.3.5",
 
@@ -9,6 +9,7 @@ describe('Sanitize Html Helper', () => {
     let innerHTML: string = `<div>
     <div id="inline-event" onmouseover='javascript:alert(1)'></div>
     <div id="onpropertychange" onpropertychange='javascript:alert(1)'></div>
+    <a id="html-entity" href="jav&#x09;ascript:alert('XSS')" title="http://qwef" target="_blank" aria-label="Open in new window">qwef</a>
     <script>alert('hi')</script>
     <style> </style>
     <img src="javascript:alert('XSS Image');"/>
@@ -62,6 +63,9 @@ describe('Sanitize Html Helper', () => {
         it('should remove onpropertychange attribute', () => {
             expect(htmlObject.querySelector('#onpropertychange').hasAttribute('onpropertychange')).toBe(false);
         });
+        it('should remove Html entity with href javascript alert', () => {
+            expect(htmlObject.querySelector('#html-entity').hasAttribute('href')).toBe(false);
+        });
         afterAll(() => {
             detach(htmlObject);
         });
 
@@ -49,6 +49,7 @@ const removeTags: string[] = [
 
 const removeAttrs: SanitizeRemoveAttrs[] = [
     { attribute: 'href', selector: '[href*="javascript:"]' },
+    { attribute: 'href', selector: 'a[href]' },
     { attribute: 'background', selector: '[background^="javascript:"]' },
     { attribute: 'style', selector: '[style*="javascript:"]' },
     { attribute: 'style', selector: '[style*="expression("]' },
@@ -214,9 +215,17 @@ export class SanitizeHtmlHelper {
         this.removeAttrs.forEach((item: { [key: string]: string }, index: number) => {
             const elements: NodeListOf<HTMLElement> = this.wrapElement.querySelectorAll(item.selector);
             if (elements.length > 0) {
-                elements.forEach((element: Element) => {
-                    element.removeAttribute(item.attribute);
-                });
+                if (item.selector === 'a[href]') {
+                    elements.forEach((element: Element) => {
+                        if ((element.getAttribute(item.attribute)).replace(/\t|\s|&/, '').indexOf('javascript:alert') !== -1) {
+                            element.removeAttribute(item.attribute);
+                        }
+                    });
+                } else {
+                    elements.forEach((element: Element) => {
+                        element.removeAttribute(item.attribute);
+                    });
+                }
             }
         });
     }
 
@@ -2,7 +2,7 @@
 
 ## [Unreleased]
 
-## 27.1.51 (2024-09-30)
+## 27.1.52 (2024-10-08)
 
 ### Checkbox
 
 
@@ -26,7 +26,7 @@
 		"canteen": "^1.0.5",
 		"jasmine-ajax": "^3.3.1",
 		"jasmine-core": "^2.6.1",
-		 "karma": "6.4.2",
+		"karma": "^1.7.0",
 		"karma-chrome-launcher": "^2.2.0",
 		"karma-generic-preprocessor": "^1.1.0",
 		"karma-htmlfile-reporter": "^0.3.5",
 
@@ -1,6 +1,6 @@
 {
 	"name": "@syncfusion/ej2-calendars",
-	"version": "27.1.50",
+	"version": "27.1.51",
 	"description": "A complete package of date or time components with built-in features such as date formatting, inline editing, multiple (range) selection, range restriction, month and year selection, strict mode, and globalization.",
 	"author": "Syncfusion Inc.",
 	"license": "SEE LICENSE IN license",
@@ -31,7 +31,7 @@
 		"canteen": "^1.0.5",
 		"jasmine-ajax": "^3.3.1",
 		"jasmine-core": "^2.6.1",
-		 "karma": "6.4.2",
+		"karma": "^1.7.0",
 		"karma-chrome-launcher": "^2.2.0",
 		"karma-generic-preprocessor": "^1.1.0",
 		"karma-htmlfile-reporter": "^0.3.5",