New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.
Already on GitHub? Sign in to your account
Use DOMParser to secure setting innerHTML #1930
Use DOMParser to secure setting innerHTML #1930
Conversation
Seems good, all tests are passing. I'll go ahead and merge it, but the release will be done tomorrow. If anybody has anything to add here, please do so. Once again, thank you @september28 for the exemplary issue-report 馃憦 |
Some tests are failing in IE11: https://github.com/sweetalert2/sweetalert2/runs/541098252?check_suite_focus=true
|
## [9.10.7](v9.10.6...v9.10.7) (2020-03-28) ### Bug Fixes * use DOMParset only if html is not empty ([#1931](#1931)) ([54463ec](54463ec)), closes [/github.com//pull/1930#issuecomment-605412269](https://github.com//github.com/sweetalert2/sweetalert2/pull/1930/issues/issuecomment-605412269) * use DOMParset to secure setting innerHTML ([#1930](#1930)) ([18c5a63](18c5a63))
馃帀 This PR is included in version 9.10.7 馃帀 The release is available on: Your semantic-release bot 馃摝馃殌 |
## [9.10.7](sweetalert2/sweetalert2@v9.10.6...v9.10.7) (2020-03-28) ### Bug Fixes * use DOMParset only if html is not empty ([sweetalert2#1931](sweetalert2#1931)) ([56f0928](sweetalert2@56f0928)), closes [/github.com/sweetalert2/pull/1930#issuecomment-605412269](https://github.com//github.com/sweetalert2/sweetalert2/pull/1930/issues/issuecomment-605412269) * use DOMParset to secure setting innerHTML ([sweetalert2#1930](sweetalert2#1930)) ([dedec23](sweetalert2@dedec23))
Fixes #1926
element.innerHTML
= is not used anymore 馃帀 Instead,DOMParser
is used, docs: https://developer.mozilla.org/en-US/docs/Web/API/DOMParserMany thanks to @september28 for his valuable input!