Skip to content
Compare
Choose a tag to compare

DOMPurify 2.0.1

@cure53 cure53 released this
4c8ca9d
Compare
Choose a tag to compare
  • Fixed a bypass affecting latest Chrome, caused by a newly discovered Chrome mXSS vulnerability
  • Added tests to cover implemented fixes

Credits go to Michał Bentkowski (@securityMB) of Securitum who spotted the bug in Chrome, turned it into a DOMPurify bypass, reported and helped verifying the fix. 🙇