This repository has been archived by the owner on Jul 15, 2019. It is now read-only.
Releases: YahooArchive/xss-filters
Releases · YahooArchive/xss-filters
Refreshed devDependencies and resolved build issues
- updated devDependencies
- fixed uglify settings to preserve \x0B for IE8
- updated email addresses of authors
- updated travis nodejs versions
- updated npm deploy api key
Enhanced css filters for IE
- enhanced css filters for IE
- blacklisted x-schema protocol
Fix IE compatibility issues on splicing arguments
v1.2.4 Fix IE compatibility issues on splicing arguments
Fixed blacklist protocol check and unquoted filters
v1.2.3 fixed blacklist protocol check and unquoted filters
Support CSS Filtering in Private Filters
- Support a new set of css private filters for secure-handlebars
Improved Compatibility with Older Browsers
release as version 1.1.2 resolve a cross-browser compatibility issue (array.indexOf() is not supported by old IEs)
Improved Security and Compatibility with Older Browsers
- Version bump
- Details refer to https://github.com/yahoo/xss-filters/releases/tag/v1.0.7
Improved Security and Compatibility with Older Browsers
- null handling in yc() and yavu()
- yavu() optimized and caught all null cases
- exposed yup() to retrieve protocol (some false positives for �, but acceptable)
- yubl() updated to prefix x- before javascript:, vbscript:, data:, and mhtml:
Improved Security and Compatibility with Older Browsers
- treated grave accent ` handling in y() and yavu()
- escaped tab and newline in numeric values ( instead of and instead of ) for compatibility with older browsers
- improved speed of yubl() based on http://jsperf.com/lazy-regexp-parsing
- code cleanup to shrink space
Security fix
- fixed: check : too, otherwise could bypass yubl()