Sourced from dompurify's\nreleases.
\n\n\nDOMPurify 2.5.4
\n\n
\n- Fixed a bug with latest
\nisNaN
checks affecting MSIE,\nthanks@tulach
- Fixed the tests for MSIE and fixed related test-runner
\nDOMPurify 2.5.3
\n\n
\n- Fixed several mXSS variations found by and thanks to
\n@kevin-mizu
&\n@Ry0taK
- Added better configurability for comment scrubbing default\nbehavior
\n- Added better hardening against Prototype Pollution attacks, thanks\n
\n@kevin-mizu
- Fixed some smaller issues in README and other documentation
\nDOMPurify 2.5.2
\n\n
\n- Addressed and fixed a mXSS variation found by
\n@kevin-mizu
- Addressed and fixed a mXSS variation found by Adam Kues of Assetnote
\n- Updated tests for older Safari and Chrome versions
\nDOMPurify 2.5.1
\n\n
\n- Fixed an mXSS sanitizer bypass reported by
\n@icesfont
- Added new code to track element nesting depth
\n- Added new code to enforce a maximum nesting depth of 255
\n- Added coverage tests and necessary clobbering protections
\nNote that this is a security release and should be upgraded\nto immediately. Please also note that further releases may follow as the\nunderlying vulnerability is apparently new and further variations may be\ndiscovered.
\nDOMPurify 2.5.0
\n\n
\n- Added new setting
\nSAFE_FOR_XML
to enable better control\nover comment scrubbing- Updated the LICENSE file to show the accurate year number
\n- Updated several build and test dependencies
\nDOMPurify 2.4.9
\n\n
\n- Fixed another conditional bypass caused by Processing Instructions,\nthanks
\n@Ry0taK
- Fixed the regex for HTML Custom Element detection, thanks
\n@AlekseySolovey3T
DOMPurify 2.4.8
\n\n
\n- Fixed two possible bypasses when sanitizing an XML document and\nlater using it in HTML, thanks
\n@Slonser
DOMPurify 2.4.7
\n\n
\n- Fixed a licensing issue spotted and reported by
\n@george-thomas-hill
DOMPurify 2.4.6
\n\n
\n- Fixed a bypass in jsdom 22 in case the
\nnoframes
element\nis permitted, thanks@leeN
DOMPurify 2.4.5
\n\n
\n- Fixed a problem with improper reset of custom HTML options, thanks\n
\n@ammaraskar
DOMPurify 2.4.4
\n\n
\n- Added support for
\nALLOW_SELF_CLOSE_IN_ATTR
flag, thanks\n@edg2s
@AndreVirtimo
- Added better support for
\nshadowrootmode
, thanks@mfreed7
DOMPurify 2.4.3
\n\n
\n\n- Final release that is compatible with MSIE10 & MSIE 11
\n
... (truncated)
\n10c1261
\ndocs: Updated README ever so slightly1c92880
\ntest: Fixed two more tests for MSIE11 and Edge 181401208
\ntest: Fixed more tests for MSIE and Edge 182c6410a
\ntest: Fixed several new tests for MSIE11 and Edge 182c9bca9
\ntest: Changed github config to include MSIE tests for 2.xb188787
\nchore: Preparing 2.5.4 release707b3d6
\nfix: Added a better for for the MSIE iNaN issue62fe3be
\ntest: Attempting to get MSIE 11 back into the browser test arrayf3a9710
\nfix: Fixed an issue with MSIE and no support for Number.isNaNe1ddfc7
\nMerge branch '2.x' of github.com:cure53/DOMPurify into 2.x