Skip to content

Releases: cure53/DOMPurify

DOMPurify 3.2.3

09 Dec 09:21
f1106aa
Compare
Choose a tag to compare
  • Fixed two conditional sanitizer bypasses discovered by @parrot409 and @Slonser
  • Updated the attribute clobbering checks to prevent future bypasses, thanks @parrot409

DOMPurify 2.5.8

09 Dec 09:04
ee992fc
Compare
Choose a tag to compare
  • Fixed two conditional sanitizer bypasses discovered by @parrot409 and @Slonser
  • Updated the attribute clobbering checks to prevent future bypasses, thanks @parrot409

DOMPurify 3.2.2

29 Nov 10:47
3990b7e
Compare
Choose a tag to compare
  • Fixed a possible bypass in case a rather specific config for custom elements is set, thanks @Yaniv-git
  • Fixed several minor issues with the type definitions, thanks again @reduckted
  • Fixed a minor issue with the types reference for trusted types, thanks @reduckted
  • Fixed a minor problem with the template detection regex on some systems, thanks @svdb99

DOMPurify 3.2.1

20 Nov 10:22
7f154b3
Compare
Choose a tag to compare

DOMPurify 3.2.0

11 Nov 15:09
f0d7507
Compare
Choose a tag to compare

DOMPurify 3.1.7

26 Sep 11:11
69c8c12
Compare
Choose a tag to compare
  • Fixed an issue with comment detection and possible bypasses with specific config settings, thanks @masatokinugawa
  • Fixed several smaller typos in documentation and test & build files, thanks @christianhg
  • Added better support for Angular compiler, thanks @jeroen1602
  • Added several new attributes to HTML and SVG allow-list, thanks @Gigabyte5671 and @Rotzbua
  • Removed the foreignObject element from the list of HTML entry-points, thanks @masatokinugawa
  • Bumped several dependencies to be more up to date

DOMPurify 2.5.7

26 Sep 10:53
71683cb
Compare
Choose a tag to compare
  • Fixed an issue with comment detection and possible bypasses with specific config settings, thanks @masatokinugawa
  • Removed the foreignObject element from the list of HTML entry-points, thanks @masatokinugawa

DOMPurify 3.1.6

05 Jul 13:06
4083a90
Compare
Choose a tag to compare
  • Fixed an issue with the execution logic of attribute hooks to prevent bypasses, thanks @kevin-mizu
  • Fixed an issue with element removal leading to uncaught errors through DOM Clobbering, thanks @realansgar
  • Fixed a minor problem with the bower file pointing to the wrong dist path
  • Fixed several minor typos in docs, comments and comment blocks, thanks @Rotzbua
  • Updated several development dependencies

DOMPurify 2.5.6

05 Jul 13:04
d78f241
Compare
Choose a tag to compare
  • Fixed an issue with the execution logic of attribute hooks to prevent bypasses, thanks @kevin-mizu
  • Fixed a minor problem with the bower file pointing to the wrong dist path
  • Updated several development dependencies

DOMPurify 3.1.5

31 May 09:22
6676133
Compare
Choose a tag to compare
  • Fixed a minor issue with the dist paths in bower.js, thanks @HakumenNC
  • Fixed a minor issue with sanitizing HTML coming from copy&paste Word content, thanks @kakao-bishop-cho