Releases: cure53/DOMPurify
Releases · cure53/DOMPurify
DOMPurify 3.2.3
- Fixed two conditional sanitizer bypasses discovered by @parrot409 and @Slonser
- Updated the attribute clobbering checks to prevent future bypasses, thanks @parrot409
DOMPurify 2.5.8
- Fixed two conditional sanitizer bypasses discovered by @parrot409 and @Slonser
- Updated the attribute clobbering checks to prevent future bypasses, thanks @parrot409
DOMPurify 3.2.2
- Fixed a possible bypass in case a rather specific config for custom elements is set, thanks @Yaniv-git
- Fixed several minor issues with the type definitions, thanks again @reduckted
- Fixed a minor issue with the types reference for trusted types, thanks @reduckted
- Fixed a minor problem with the template detection regex on some systems, thanks @svdb99
DOMPurify 3.2.1
- Fixed several minor issues with the type definitions, thanks @reduckted @ghiscoding @asamuzaK @MiniDigger
- Fixed an issue with non-minified dist files and order of imports, thanks @reduckted
DOMPurify 3.2.0
- Added type declarations, thanks @reduckted , @philmayfield, @aloisklink, @ssi02014 and others
- Fixed a minor issue with the handling of hooks, thanks @kevin-mizu
DOMPurify 3.1.7
- Fixed an issue with comment detection and possible bypasses with specific config settings, thanks @masatokinugawa
- Fixed several smaller typos in documentation and test & build files, thanks @christianhg
- Added better support for Angular compiler, thanks @jeroen1602
- Added several new attributes to HTML and SVG allow-list, thanks @Gigabyte5671 and @Rotzbua
- Removed the
foreignObject
element from the list of HTML entry-points, thanks @masatokinugawa - Bumped several dependencies to be more up to date
DOMPurify 2.5.7
- Fixed an issue with comment detection and possible bypasses with specific config settings, thanks @masatokinugawa
- Removed the
foreignObject
element from the list of HTML entry-points, thanks @masatokinugawa
DOMPurify 3.1.6
- Fixed an issue with the execution logic of attribute hooks to prevent bypasses, thanks @kevin-mizu
- Fixed an issue with element removal leading to uncaught errors through DOM Clobbering, thanks @realansgar
- Fixed a minor problem with the bower file pointing to the wrong dist path
- Fixed several minor typos in docs, comments and comment blocks, thanks @Rotzbua
- Updated several development dependencies
DOMPurify 2.5.6
- Fixed an issue with the execution logic of attribute hooks to prevent bypasses, thanks @kevin-mizu
- Fixed a minor problem with the bower file pointing to the wrong dist path
- Updated several development dependencies
DOMPurify 3.1.5
- Fixed a minor issue with the dist paths in
bower.js
, thanks @HakumenNC - Fixed a minor issue with sanitizing HTML coming from copy&paste Word content, thanks @kakao-bishop-cho