Releases: cure53/DOMPurify
Releases · cure53/DOMPurify
DOMPurify 3.2.5
- Added a check to the mXSS detection regex to be more strict, thanks @masatokinugawa
- Added ESM type imports in source, removes patch function, thanks @donmccurdy
- Added script to verify various TypeScript configurations, thanks @reduckted
- Added more modern browsers to the Karma launchers list
- Added Node 23.x to tested runtimes, removed Node 17.x
- Fixed the generation of source maps, thanks @reduckted
- Fixed an unexpected behavior with
ALLOWED_URI_REGEXPusing the 'g' flag, thanks @hhk-png - Fixed a few typos in the README file
Contributors
masatokinugawa, donmccurdy, and 2 other contributors
Assets 2
DOMPurify 3.2.4
- Fixed a conditional and config dependent mXSS-style bypass reported by @nsysean
- Added a new feature to allow specific hook removal, thanks @davecardwell
- Added purify.js and purify.min.js to exports, thanks @Aetherinox
- Added better logic in case no window object is president, thanks @yehuya
- Updated some dependencies called out by dependabot
- Updated license files etc to show the correct year
Contributors
davecardwell, yehuya, and 2 other contributors
Assets 2
DOMPurify 3.2.3
- Fixed two conditional sanitizer bypasses discovered by @parrot409 and @Slonser
- Updated the attribute clobbering checks to prevent future bypasses, thanks @parrot409
Contributors
parrot409
Assets 2
DOMPurify 2.5.8
- Fixed two conditional sanitizer bypasses discovered by @parrot409 and @Slonser
- Updated the attribute clobbering checks to prevent future bypasses, thanks @parrot409
Contributors
parrot409
Assets 2
DOMPurify 3.2.2
- Fixed a possible bypass in case a rather specific config for custom elements is set, thanks @Yaniv-git
- Fixed several minor issues with the type definitions, thanks again @reduckted
- Fixed a minor issue with the types reference for trusted types, thanks @reduckted
- Fixed a minor problem with the template detection regex on some systems, thanks @svdb99
Contributors
reduckted, svdb99, and Yaniv-git
Assets 2
DOMPurify 3.2.1
- Fixed several minor issues with the type definitions, thanks @reduckted @ghiscoding @asamuzaK @MiniDigger
- Fixed an issue with non-minified dist files and order of imports, thanks @reduckted
Contributors
ghiscoding, MiniDigger, and 2 other contributors
Assets 2
DOMPurify 3.2.0
- Added type declarations, thanks @reduckted , @philmayfield, @aloisklink, @ssi02014 and others
- Fixed a minor issue with the handling of hooks, thanks @kevin-mizu
Contributors
philmayfield, reduckted, and 3 other contributors
Assets 2
DOMPurify 3.1.7
- Fixed an issue with comment detection and possible bypasses with specific config settings, thanks @masatokinugawa
- Fixed several smaller typos in documentation and test & build files, thanks @christianhg
- Added better support for Angular compiler, thanks @jeroen1602
- Added several new attributes to HTML and SVG allow-list, thanks @Gigabyte5671 and @Rotzbua
- Removed the
foreignObjectelement from the list of HTML entry-points, thanks @masatokinugawa - Bumped several dependencies to be more up to date
Contributors
jeroen1602, masatokinugawa, and 3 other contributors
Assets 2
DOMPurify 2.5.7
- Fixed an issue with comment detection and possible bypasses with specific config settings, thanks @masatokinugawa
- Removed the
foreignObjectelement from the list of HTML entry-points, thanks @masatokinugawa
Contributors
masatokinugawa
Assets 2
DOMPurify 3.1.6
- Fixed an issue with the execution logic of attribute hooks to prevent bypasses, thanks @kevin-mizu
- Fixed an issue with element removal leading to uncaught errors through DOM Clobbering, thanks @realansgar
- Fixed a minor problem with the bower file pointing to the wrong dist path
- Fixed several minor typos in docs, comments and comment blocks, thanks @Rotzbua
- Updated several development dependencies
Contributors
Rotzbua, realansgar, and kevin-mizu