Explore
By company size
By use case
By industry
View all solutions
Topics
- AI
- DevOps
- Security
- Software Development
- View all
Explore
- GitHub Sponsors
  Fund open source developers
- The ReadME Project
  GitHub community articles
Repositories
- Enterprise platform
  AI-powered developer platform
Available add-ons
Pricing

Search code, repositories, users, issues, pull requests...

Clear

Search syntax tips

Provide feedback

We read every piece of feedback, and take your input very seriously.

Include my email address so I can be contacted

Saved searches

Use saved searches to filter your results more quickly

Name

Query

To see all available qualifiers, see our documentation.

You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session. You switched accounts on another tab or window. Reload to refresh your session.

Dismiss alert

cure53 / DOMPurify Public

Notifications You must be signed in to change notification settings
Fork 726
Star 14k

Code
Issues 1
Pull requests
Actions
Projects
Wiki
Security
Insights

Additional navigation options

Code
Issues
Pull requests
Actions
Projects
Wiki
Security
Insights

Releases: cure53/DOMPurify

Releases Tags

Releases · cure53/DOMPurify

DOMPurify 2.5.3

11 May 10:21

cure53

2.5.3

e1ddfc7

Compare

Choose a tag to compare

View all tags

DOMPurify 2.5.3

Fixed several mXSS variations found by and thanks to @kevin-mizu & @Ry0taK
Added better configurability for comment scrubbing default behavior
Added better hardening against Prototype Pollution attacks, thanks @kevin-mizu
Fixed some smaller issues in README and other documentation

Contributors

kevin-mizu and Ry0taK

Assets 2

Crypto-Cat reacted with hooray emoji

All reactions

🎉 1 reaction

1 person reacted

DOMPurify 3.1.2

30 Apr 08:28

cure53

3.1.2

5b2e317

This commit was created on GitHub.com and signed with GitHub’s verified signature.

GPG key ID: B5690EEEBB952194

Learn about vigilant mode.

Compare

Choose a tag to compare

View all tags

DOMPurify 3.1.2

Addressed and fixed a mXSS variation found by @kevin-mizu
Addressed and fixed a mXSS variation found by Adam Kues of Assetnote
Updated tests for older Safari and Chrome versions

Contributors

kevin-mizu

Assets 2

fujikawa-rootip, StefanNo1, and Crypto-Cat reacted with hooray emoji

All reactions

🎉 3 reactions

3 people reacted

DOMPurify 2.5.2

30 Apr 08:26

cure53

2.5.2

d299fcc

This commit was signed with the committer’s verified signature.

cure53 Cure53

GPG key ID: 5F0CDACD24BB6BF4

Learn about vigilant mode.

Compare

Choose a tag to compare

View all tags

DOMPurify 2.5.2

Addressed and fixed a mXSS variation found by @kevin-mizu
Addressed and fixed a mXSS variation found by Adam Kues of Assetnote
Updated tests for older Safari and Chrome versions

Contributors

kevin-mizu

Assets 2

fujikawa-rootip and Crypto-Cat reacted with hooray emoji

All reactions

🎉 2 reactions

2 people reacted

DOMPurify 3.1.1

26 Apr 11:14

cure53

3.1.1

7a0a984

This commit was created on GitHub.com and signed with GitHub’s verified signature.

GPG key ID: B5690EEEBB952194

Learn about vigilant mode.

Compare

Choose a tag to compare

View all tags

DOMPurify 3.1.1

Fixed an mXSS sanitiser bypass reported by @icesfont
Added new code to track element nesting depth
Added new code to enforce a maximum nesting depth of 255
Added coverage tests and necessary clobbering protections

Note that this is a security release and should be upgraded to immediately. Please also note that further releases may follow as the underlying vulnerability is apparently new and further variations may be discovered.

Contributors

icesfont

Assets 2

ghiscoding, JorianWoltjer, d34db3ff, and fujikawa-rootip reacted with hooray emoji

johnozbay, shahryarjb, jdmartin, felixmosh, anak-nolep, CollapsedMetal, seguinleo, Heliodex, gg0h, and rugk reacted with heart emoji

fza-wtag reacted with rocket emoji

All reactions

🎉 4 reactions
❤️ 10 reactions
🚀 1 reaction

15 people reacted

DOMPurify 2.5.1

26 Apr 11:11

cure53

2.5.1

f275c0b

This commit was signed with the committer’s verified signature.

cure53 Cure53

GPG key ID: 5F0CDACD24BB6BF4

Learn about vigilant mode.

Compare

Choose a tag to compare

View all tags

DOMPurify 2.5.1

Fixed an mXSS sanitizer bypass reported by @icesfont
Added new code to track element nesting depth
Added new code to enforce a maximum nesting depth of 255
Added coverage tests and necessary clobbering protections

Contributors

icesfont

Assets 2

Heliodex reacted with hooray emoji

johnozbay reacted with heart emoji

All reactions

🎉 1 reaction
❤️ 1 reaction

2 people reacted

DOMPurify 3.1.0

07 Apr 14:10

cure53

3.1.0

db19269

This commit was created on GitHub.com and signed with GitHub’s verified signature.

GPG key ID: B5690EEEBB952194

Learn about vigilant mode.

Compare

Choose a tag to compare

View all tags

DOMPurify 3.1.0

Added new setting SAFE_FOR_XML to enable better control over comment scrubbing
Updated README to warn about happy-dom not being safe for use with DOMPurify yet
Updated the LICENSE file to show the accurate year number
Updated several build and test dependencies

Assets 2

ghiscoding, sidwebworks, cuikho210, ssi02014, fujikawa-rootip, nboisteault, imigueldiaz, and edzukation reacted with hooray emoji

seguinleo, sidwebworks, ssi02014, and imigueldiaz reacted with heart emoji

All reactions

🎉 8 reactions
❤️ 4 reactions

9 people reacted

DOMPurify 2.5.0

07 Apr 14:08

cure53

2.5.0

7f6cf8a

This commit was signed with the committer’s verified signature.

cure53 Cure53

GPG key ID: 5F0CDACD24BB6BF4

Learn about vigilant mode.

Compare

Choose a tag to compare

View all tags

DOMPurify 2.5.0

Added new setting SAFE_FOR_XML to enable better control over comment scrubbing
Updated the LICENSE file to show the accurate year number
Updated several build and test dependencies

Assets 2

cuikho210 and mystica2000 reacted with heart emoji

All reactions

❤️ 2 reactions

2 people reacted

DOMPurify 3.0.11

21 Mar 11:21

cure53

3.0.11

a9fd4ae

This commit was created on GitHub.com and signed with GitHub’s verified signature.

GPG key ID: B5690EEEBB952194

Learn about vigilant mode.

Compare

Choose a tag to compare

View all tags

DOMPurify 3.0.11

Fixed another conditional bypass caused by Processing Instructions, thanks @Ry0taK
Fixed the regex for HTML Custom Element detection, thanks @AlekseySolovey3T

Contributors

Ry0taK and AlekseySolovey3T

Assets 2

fujikawa-rootip, kevin-mizu, ssi02014, and ghiscoding reacted with hooray emoji

charlag reacted with heart emoji

All reactions

🎉 4 reactions
❤️ 1 reaction

5 people reacted

DOMPurify 2.4.9

21 Mar 10:20

cure53

2.4.9

79cfb37

This commit was signed with the committer’s verified signature.

cure53 Cure53

GPG key ID: 5F0CDACD24BB6BF4

Learn about vigilant mode.

Compare

Choose a tag to compare

View all tags

DOMPurify 2.4.9

Fixed another conditional bypass caused by Processing Instructions, thanks @Ry0taK
Fixed the regex for HTML Custom Element detection, thanks @AlekseySolovey3T