Releases: cure53/DOMPurify
Releases · cure53/DOMPurify
DOMPurify 2.0.15
- Added a renovated test suite, thanks @peernohell
- Fixed some minor linter warnings
DOMPurify 2.0.14
- Fixed a problem with the documentMode default value
DOMPurify 2.0.12
- Fixed a minor bug when working with Trusted Types
- Fixed some typos in a demo file
- Fixed some wordings in code and docs
DOMPurify 2.0.11
- Fixed faulty behavior for non breaking space characters
- Added
ADD_DATA_URI_TAGS
directive to allow customizing Data URI tag behavior
DOMPurify 2.0.10
- Fixed a dependency problem causing builds to break
- Fixed a test in Chrome 83 covering Trusted Types
DOMPurify 2.0.9
- Removed a meanwhile useless parser check
- Added countless new attributes to whitelist
- Added whole new build and system
- Added license tag to compressed files
- Updated README for more clarity
DOMPurify 2.0.8
- Fixed a bypass that can be abused in case
SAFE_FOR_JQUERY
is used with jQuery 3.x, thanks @masatokinugawa 🙇♀️ - Added new elements to whitelist, thanks @chris-morgan
- Added first layer of prototype poisoning protection, thanks @dejang
- Added better controls for
uponSanitizeAttribute
, thanks @devinrhode2 - Added demo for node removal, thanks @mikesnare
DOMPurify 2.0.7
- Fixed several mXSS vectors spotted , thanks @masatokinugawa 🙇♂️
- Fixed a minor crash affecting MSIE11, see #372
- Fixed some typos and adjusted the README
DOMPurify 2.0.6
- Enhanced the checks for SVG-/MathML-based mXSS
- Removed several obtrusive checks and guards that are not needed any longer
- Added better test coverage
- Added better handling of situations where element removal causes mXSS
- Added better handling of content type switches causing mXSS
DOMPurify 2.0.5
- Fixed a logical issue causing overly aggressive SVG removal spotted by @thorn0