1.2.1
Quick patch release to make the `__vanish__` method used by DeferredRender private and improve the detection of unsafe user input. Previously, we stripped JavaScript from `href` attributes, but only when the attribute was provided as a Symbol. Now, we check the `href` attribute whether it is provided as a Symbol or a String.
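The failure mode described above, as an added example that is not the project's own code: a simplified, hypothetical attribute renderer whose `href` check depends on the key's type, next to a version that normalises the key first. The method names, the `JS_SCHEME` pattern and the sample value are assumptions made for illustration.

```ruby
require "erb"

# Leading javascript: scheme, allowing leading whitespace and mixed case.
# Assumed pattern for this example; the project's real check may differ.
JS_SCHEME = /\A\s*javascript:/i

# Before: the check only fires when the key is the Symbol :href,
# so the String key "href" passes through unchecked.
def render_attributes_symbol_only(attrs)
  attrs.map do |name, value|
    value = value.to_s
    value = value.sub(JS_SCHEME, "") if name == :href
    %( #{name}="#{ERB::Util.html_escape(value)}")
  end.join
end

# After: convert the key to a String before comparing, so :href,
# "href" and "HREF" all reach the same check.
def render_attributes_normalised(attrs)
  attrs.map do |name, value|
    name = name.to_s
    value = value.to_s
    if name.downcase == "href"
      # Strip repeatedly so a doubled scheme cannot survive a single pass.
      value = value.sub(JS_SCHEME, "") while value.match?(JS_SCHEME)
    end
    %( #{name}="#{ERB::Util.html_escape(value)}")
  end.join
end

# Constructed sample input: the same untrusted value under both key types.
UNTRUSTED = "javascript:alert(1)"

if __FILE__ == $PROGRAM_NAME
  puts render_attributes_symbol_only({ href: UNTRUSTED })       # stripped
  puts render_attributes_symbol_only({ "href" => UNTRUSTED })   # passes through
  puts render_attributes_normalised({ "href" => UNTRUSTED })    # stripped
end
```

A regression test for this class of bug should pass every attribute name as both a Symbol and a String, since Ruby hashes treat `:href` and `"href"` as different keys.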
What's Changed
- Detect string `href` attribute with javascript by @joeldrapper in #452
- Make `__vanish__` private by @joeldrapper in #453
Full Changelog: 1.2.0...1.2.1