Skip to content
/ html-sanitizer Public

v8.1.0-RC1

Choose a tag to compare

View all tags
@fabpot fabpot released this 27 May 11:34
· 8 commits to 8.1 since this release
v8.1.0-RC1
This tag was signed with the committer’s verified signature.
fabpot Fabien Potencier
SSH Key Fingerprint: 2Epes5EqLalzBuDpYoQuproz9c57CsymvlzEGYtOXJw
Verified
Learn about vigilant mode.
5e0c1c2

Changelog (v8.1.0-BETA3...v8.1.0-RC1)

  • security #cve-2026-48761 Sanitize URL attributes on , , <iframe>, , and the URL inside content (@nicolas-grekas)
  • security #cve-2026-48760 Reject percent-encoded BiDi marks and Unicode whitespace in URLs (@nicolas-grekas)
  • bug #64342 Honor universal attribute sanitizers, apply maxInputLength to text contexts, document forceAttribute and allowAttribute caveats (@nicolas-grekas)

Contributors

nicolas-grekas
Assets 2
Loading