Skip to content

Releases: cure53/DOMPurify

DOMPurify 0.6.3

07 Apr 13:59
Compare
Choose a tag to compare
  • Merged countless optimizations and beautifications by @neilj
  • Optimized performance thanks to @neilj
  • Fixed a minor bug with the RETURN_DOM flag thanks to @neilj
  • Detailed list of changes: #52

DOMPurify 0.6.2

31 Mar 13:44
Compare
Choose a tag to compare
  • Added hook demo for MentalJS JavaScript sandbox
  • Fixed a typo in the hook labels
  • Added additional hooks with meta-data objects
  • Fixed the tests for Project Spartan 0.10.10049

DOMPurify 0.6.1

23 Feb 08:45
Compare
Choose a tag to compare
  • Fixed several security issues identified by a 3rd party code audit
  • Removed support for MSIE9
  • Enabled toStaticHTML fallback for MSIE9

DOMPurify 0.6.0

16 Feb 12:58
Compare
Choose a tag to compare

Important: This is a feature-release, not a security update.

  • Added Hook API to allow custom extensions and plugins
  • Added config flag FORBID_TAGS to blacklist specific tags
  • Added config flag FORBID_ATTR to blacklist specific attributes
  • Added demo folder with various showcases / usage examples
  • Extended unit tests
  • Added version label to DOMPurify object

DOMPurify 0.4.5

16 Jan 12:18
Compare
Choose a tag to compare
  • Fixed a minor DOM clobbering issue reported by @filedescriptor
  • Made sure present but empty DOM properties cannot be clobbered
  • Made sure that document.all cannot be clobbered by avoiding typeof

DOMPurify 0.4.4

13 Oct 11:24
Compare
Choose a tag to compare
  • Fixed a bug in the clobber detection potentially leading to XSS, thanks @avlidienbrunn
  • Fixed an undefined error
  • Fixed a range error
  • Added a pre-test for better performance

DOMPurify 0.4.3

04 Oct 12:41
Compare
Choose a tag to compare

Add Common JS support for browserify (Node.js is not supported yet)

DOMPurify 0.4.2

03 Jun 18:37
Compare
Choose a tag to compare
  • Fixed a security issue in WebKit/Blink leading to a bypass (discovered & reported by Tom Ritter of iSEC Partners)
  • Extended test-suite

DOMPurify 0.4

11 May 12:50
Compare
Choose a tag to compare
  • Added tests for config flags
  • Fixed a config var assignment bug
  • Solved MSIE + jQuery performance issues

DOMPurify 0.3

07 Apr 08:10
Compare
Choose a tag to compare
  • Extended HTML suppport
  • Extended SVG support
  • Extended MathML support
  • Safe against XSS and DOM Clobbering Attacks
  • Safe to use with jQuery's elm.html() and $()
  • Safe handling of Data URIs
  • New config flags
  • More tolerant with text nodes
  • IE9 compatible