Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: cure53/DOMPurify
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: 1bf9e2a4b0dae8b2dea57fe97cf110d5b07cd494
Choose a base ref
...
head repository: cure53/DOMPurify
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: 9de5b19e5d701db408318df0f2935c74b25b7b09
Choose a head ref
3 contributors

Commits on May 4, 2021

  1. See #535 

    fix: possibly fixed an unwanted x-frame behavior in Blink
    @cure53
    cure53 committed May 4, 2021
    Copy the full SHA
    573f493 View commit details

Commits on May 7, 2021

  1. fix: handle invalid xml

    @NateScarlet
    NateScarlet committed May 7, 2021
    Copy the full SHA
    a401dc4 View commit details

  2. style: fix lint issues

    @NateScarlet
    NateScarlet committed May 7, 2021
    Copy the full SHA
    97b5566 View commit details

  3. test: add html cases to `Test invalid xml'

    @NateScarlet
    NateScarlet committed May 7, 2021
    Copy the full SHA
    9658c6b View commit details

  4. Merge pull request #537 from NateScarlet/handle-invalid-xml 

    fix: handle invalid xml
    @cure53
    cure53 authored May 7, 2021
    Copy the full SHA
    c9e23fb View commit details

  5. doc: credited NateScarlet as contributor on README

    @cure53
    cure53 committed May 7, 2021
    Copy the full SHA
    1c4b8dd View commit details

  6. test: Fixed the tests for MSIE10 & MSIE11

    @cure53
    cure53 committed May 7, 2021
    Copy the full SHA
    bb71e0e View commit details

  7. fix: handle empty input

    @NateScarlet
    NateScarlet committed May 7, 2021
    Copy the full SHA
    578fbfb View commit details

  8. Merge pull request #538 from NateScarlet/handle-empty-input 

    fix: handle empty input
    @cure53
    cure53 authored May 7, 2021
    Copy the full SHA
    902fd01 View commit details

Commits on May 11, 2021

  1. chore(deps): bump lodash from 4.17.20 to 4.17.21 

    Bumps [lodash](https://github.com/lodash/lodash) from 4.17.20 to 4.17.21.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](lodash/lodash@4.17.20...4.17.21)

Signed-off-by: dependabot[bot] <support@github.com>
    @dependabot
    dependabot[bot] authored May 11, 2021
    Copy the full SHA
    ab843f1 View commit details

  2. chore(deps): bump hosted-git-info from 2.8.8 to 2.8.9 

    Bumps [hosted-git-info](https://github.com/npm/hosted-git-info) from 2.8.8 to 2.8.9.
- [Release notes](https://github.com/npm/hosted-git-info/releases)
- [Changelog](https://github.com/npm/hosted-git-info/blob/v2.8.9/CHANGELOG.md)
- [Commits](npm/hosted-git-info@v2.8.8...v2.8.9)

Signed-off-by: dependabot[bot] <support@github.com>
    @dependabot
    dependabot[bot] authored May 11, 2021
    Copy the full SHA
    689c400 View commit details

  3. Merge pull request #540 from cure53/dependabot/npm_and_yarn/hosted-gi… 

    …t-info-2.8.9

chore(deps): bump hosted-git-info from 2.8.8 to 2.8.9
    @cure53
    cure53 authored May 11, 2021
    Copy the full SHA
    5b64f9c View commit details

  4. Merge pull request #539 from cure53/dependabot/npm_and_yarn/lodash-4.… 

    …17.21

chore(deps): bump lodash from 4.17.20 to 4.17.21
    @cure53
    cure53 authored May 11, 2021
    Copy the full SHA
    61350cf View commit details

  5. chore: updated packages

    @cure53
    cure53 committed May 11, 2021
    Copy the full SHA
    5ebc058 View commit details

  6. chore: rolled back some package upgrades

    @cure53
    cure53 committed May 11, 2021
    Copy the full SHA
    d5bfe3a View commit details

  7. Merge branch 'main' of github.com:cure53/DOMPurify into main

    @cure53
    cure53 committed May 11, 2021
    Copy the full SHA
    4fbba29 View commit details

  8. chore: rolled back changes in packages.json

    @cure53
    cure53 committed May 11, 2021
    Copy the full SHA
    a5628f7 View commit details

  9. chore: fixed outdated packages

    @cure53
    cure53 committed May 11, 2021
    Copy the full SHA
    bc4f2ec View commit details

  10. test: fixed a test for MSIE11

    @cure53
    cure53 committed May 11, 2021
    Copy the full SHA
    f4e594a View commit details

Commits on May 26, 2021

  1. fix: namespace should default to html 

    not previous namespace
    @NateScarlet
    NateScarlet committed May 26, 2021
    Copy the full SHA
    314aba9 View commit details

  2. fix: empty input cause all pending non-html input become empty

    @NateScarlet
    NateScarlet committed May 26, 2021
    Copy the full SHA
    4fbbdf6 View commit details

  3. Merge pull request #541 from NateScarlet/fix-default-namespace 

    Fix issues caused by missing config reset
    @cure53
    cure53 authored May 26, 2021
    Copy the full SHA
    dde2bdf View commit details

  4. test: fixed tests for MSIE11 and 11

    @cure53
    cure53 committed May 26, 2021
    Copy the full SHA
    cb3be7a View commit details

Commits on Jun 1, 2021

  1. chore: Preparing 2.2.9 release

    @cure53
    cure53 committed Jun 1, 2021
    Copy the full SHA
    9de5b19 View commit details
Showing with 15,643 additions and 689 deletions.
  1. +2 −2 README.md
  2. +1 −1 bower.json
  3. +14 −9 dist/purify.cjs.js
  4. +1 −1 dist/purify.cjs.js.map
  5. +14 −9 dist/purify.es.js
  6. +1 −1 dist/purify.es.js.map
  7. +14 −9 dist/purify.js
  8. +1 −1 dist/purify.js.map
  9. +1 −1 dist/purify.min.js
  10. +1 −1 dist/purify.min.js.map
  11. +15,467 −621 package-lock.json
  12. +10 −11 package.json
  13. +1 −1 src/attrs.js
  14. +19 −17 src/purify.js
  15. +1 −1 src/regexp.js
  16. +1 −1 src/tags.js
  17. +92 −0 test/test-suite.js
  18. +2 −2 website/index.html
4 changes: 2 additions & 2 deletions README.md
View file
Original file line number Diff line number Diff line change
@@ -6,7 +6,7 @@

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG.

It's also very simple to use and get started with. DOMPurify was [started in February 2014](https://github.com/cure53/DOMPurify/commit/a630922616927373485e0e787ab19e73e3691b2b) and, meanwhile, has reached version 2.2.8.
It's also very simple to use and get started with. DOMPurify was [started in February 2014](https://github.com/cure53/DOMPurify/commit/a630922616927373485e0e787ab19e73e3691b2b) and, meanwhile, has reached version 2.2.9.

DOMPurify is written in JavaScript and works in all modern browsers (Safari (10+), Opera (15+), Internet Explorer (10+), Edge, Firefox and Chrome - as well as almost anything else using Blink or WebKit). It doesn't break on MSIE6 or other legacy browsers. It either uses [a fall-back](#what-about-older-browsers-like-msie8) or simply does nothing.

@@ -337,7 +337,7 @@ Feature releases will not be announced to this list.

Many people helped and help DOMPurify become what it is and need to be acknowledged here!

[granlem 💸](https://twitter.com/MaximeVeit), [oreoshake 💸](https://github.com/oreoshake), [dcramer 💸](https://github.com/dcramer),[tdeekens ❤️](https://github.com/tdeekens), [peernohell ❤️](https://github.com/peernohell), [neilj](https://github.com/neilj), [fhemberger](https://github.com/fhemberger), [Joris-van-der-Wel](https://github.com/Joris-van-der-Wel), [ydaniv](https://github.com/ydaniv), [terjanq](https://twitter.com/terjanq), [filedescriptor](https://github.com/filedescriptor), [ConradIrwin](https://github.com/ConradIrwin), [gibson042](https://github.com/gibson042), [choumx](https://github.com/choumx), [0xSobky](https://github.com/0xSobky), [styfle](https://github.com/styfle), [koto](https://github.com/koto), [tlau88](https://github.com/tlau88), [strugee](https://github.com/strugee), [oparoz](https://github.com/oparoz), [mathiasbynens](https://github.com/mathiasbynens), [edg2s](https://github.com/edg2s), [dnkolegov](https://github.com/dnkolegov), [dhardtke](https://github.com/dhardtke), [wirehead](https://github.com/wirehead), [thorn0](https://github.com/thorn0), [styu](https://github.com/styu), [mozfreddyb](https://github.com/mozfreddyb), [mikesamuel](https://github.com/mikesamuel), [jorangreef](https://github.com/jorangreef), [jimmyhchan](https://github.com/jimmyhchan), [jameydeorio](https://github.com/jameydeorio), [jameskraus](https://github.com/jameskraus), [hyderali](https://github.com/hyderali), [hansottowirtz](https://github.com/hansottowirtz), [hackvertor](https://github.com/hackvertor), [freddyb](https://github.com/freddyb), [flavorjones](https://github.com/flavorjones), [djfarrelly](https://github.com/djfarrelly), [devd](https://github.com/devd), [camerondunford](https://github.com/camerondunford), [buu700](https://github.com/buu700), [buildog](https://github.com/buildog), [alabiaga](https://github.com/alabiaga), [Vector919](https://github.com/Vector919), [Robbert](https://github.com/Robbert), [GreLI](https://github.com/GreLI), [FuzzySockets](https://github.com/FuzzySockets), [ArtemBernatskyy](https://github.com/ArtemBernatskyy), [@garethheyes](https://twitter.com/garethheyes), [@shafigullin](https://twitter.com/shafigullin), [@mmrupp](https://twitter.com/mmrupp), [@irsdl](https://twitter.com/irsdl),[ShikariSenpai](https://github.com/ShikariSenpai), [ansjdnakjdnajkd](https://github.com/ansjdnakjdnajkd), [@asutherland](https://twitter.com/asutherland), [@mathias](https://twitter.com/mathias), [@cgvwzq](https://twitter.com/cgvwzq), [@robbertatwork](https://twitter.com/robbertatwork), [@giutro](https://twitter.com/giutro), [@CmdEngineer_](https://twitter.com/CmdEngineer_), [@avr4mit](https://twitter.com/avr4mit) and especially [@securitymb ❤️](https://twitter.com/securitymb) & [@masatokinugawa ❤️](https://twitter.com/masatokinugawa)
[granlem 💸](https://twitter.com/MaximeVeit), [oreoshake 💸](https://github.com/oreoshake), [dcramer 💸](https://github.com/dcramer),[tdeekens ❤️](https://github.com/tdeekens), [peernohell ❤️](https://github.com/peernohell), [NateScarlet](https://github.com/NateScarlet), [neilj](https://github.com/neilj), [fhemberger](https://github.com/fhemberger), [Joris-van-der-Wel](https://github.com/Joris-van-der-Wel), [ydaniv](https://github.com/ydaniv), [terjanq](https://twitter.com/terjanq), [filedescriptor](https://github.com/filedescriptor), [ConradIrwin](https://github.com/ConradIrwin), [gibson042](https://github.com/gibson042), [choumx](https://github.com/choumx), [0xSobky](https://github.com/0xSobky), [styfle](https://github.com/styfle), [koto](https://github.com/koto), [tlau88](https://github.com/tlau88), [strugee](https://github.com/strugee), [oparoz](https://github.com/oparoz), [mathiasbynens](https://github.com/mathiasbynens), [edg2s](https://github.com/edg2s), [dnkolegov](https://github.com/dnkolegov), [dhardtke](https://github.com/dhardtke), [wirehead](https://github.com/wirehead), [thorn0](https://github.com/thorn0), [styu](https://github.com/styu), [mozfreddyb](https://github.com/mozfreddyb), [mikesamuel](https://github.com/mikesamuel), [jorangreef](https://github.com/jorangreef), [jimmyhchan](https://github.com/jimmyhchan), [jameydeorio](https://github.com/jameydeorio), [jameskraus](https://github.com/jameskraus), [hyderali](https://github.com/hyderali), [hansottowirtz](https://github.com/hansottowirtz), [hackvertor](https://github.com/hackvertor), [freddyb](https://github.com/freddyb), [flavorjones](https://github.com/flavorjones), [djfarrelly](https://github.com/djfarrelly), [devd](https://github.com/devd), [camerondunford](https://github.com/camerondunford), [buu700](https://github.com/buu700), [buildog](https://github.com/buildog), [alabiaga](https://github.com/alabiaga), [Vector919](https://github.com/Vector919), [Robbert](https://github.com/Robbert), [GreLI](https://github.com/GreLI), [FuzzySockets](https://github.com/FuzzySockets), [ArtemBernatskyy](https://github.com/ArtemBernatskyy), [@garethheyes](https://twitter.com/garethheyes), [@shafigullin](https://twitter.com/shafigullin), [@mmrupp](https://twitter.com/mmrupp), [@irsdl](https://twitter.com/irsdl),[ShikariSenpai](https://github.com/ShikariSenpai), [ansjdnakjdnajkd](https://github.com/ansjdnakjdnajkd), [@asutherland](https://twitter.com/asutherland), [@mathias](https://twitter.com/mathias), [@cgvwzq](https://twitter.com/cgvwzq), [@robbertatwork](https://twitter.com/robbertatwork), [@giutro](https://twitter.com/giutro), [@CmdEngineer_](https://twitter.com/CmdEngineer_), [@avr4mit](https://twitter.com/avr4mit) and especially [@securitymb ❤️](https://twitter.com/securitymb) & [@masatokinugawa ❤️](https://twitter.com/masatokinugawa)

## Testing powered by
<a target="_blank" href="https://www.browserstack.com/"><img width="200" src="https://www.browserstack.com/images/layout/browserstack-logo-600x315.png"></a><br>
2 changes: 1 addition & 1 deletion bower.json
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"name": "DOMPurify",
"version": "2.2.8",
"version": "2.2.9",
"homepage": "https://github.com/cure53/DOMPurify",
"author": "Cure53 <info@cure53.de>",
"description": "A DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG",
23 changes: 14 additions & 9 deletions dist/purify.cjs.js
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Loading