Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request from GHSA-crh6-fp67-6883
* fix: Prevent inserting DOM nodes when they are not well-formed In case such a DOM would be created, the part that is not well formed will be transformed into text nodes, in which xml specific characters like `<` and `>` are encoded accordingly. In the upcoming version 0.9.0 those text nodes will no longer be added an an error will be thrown instead. This change can break your code, if you relied on this behavior, e.g. multiple root elements in the past. We consider it more important to align with the specs that we want to be aligned with, considering the potential security issues that might derive from people not being aware of the difference in behavior. Resolves GHSA-crh6-fp67-6883 Related Spec: https://dom.spec.whatwg.org/#concept-node-ensure-pre-insertion-validity * fix: Prevent setting documentElement if node is not inserted.
- Loading branch information