Release v2.1.3: Version 2.1.3 (March 5th, 2018) · mozilla/bleach

v2.1.3
9584f42
Verified

This tag was signed with the committer’s verified signature.

willkg Will Kahn-Greene

GPG key ID: 18BDD1A6F066EC11

Learn about vigilant mode
Compare

Choose a tag to compare

View all tags

v2.1.3: Version 2.1.3 (March 5th, 2018)

v2.1.3
9584f42
Compare

Choose a tag to compare

View all tags
Verified

This tag was signed with the committer’s verified signature.

willkg Will Kahn-Greene

GPG key ID: 18BDD1A6F066EC11

Learn about vigilant mode

willkg tagged this 05 Mar 21:35

-------------------------------

**Security fixes**

* Attributes that have URI values weren't properly sanitized if the
  values contained character entities. Using character entities, it
  was possible to construct a URI value with a scheme that was not
  allowed that would slide through unsanitized.

  This security issue was introduced in Bleach 2.1. Anyone using
  Bleach 2.1 is highly encouraged to upgrade.

**Backwards incompatible changes**

None

**Features**

None

**Bug fixes**

* Fixed some other edge cases for attribute URI value sanitizing and
  improved testing of this code.

Assets 2

Source code (zip)

2018-03-05T21:35:55Z
Source code (tar.gz)

2018-03-05T21:35:55Z

Provide feedback

Saved searches

Use saved searches to filter your results more quickly