Releases: cure53/DOMPurify
DOMPurify 0.6.3
DOMPurify 0.6.2
- Added hook demo for MentalJS JavaScript sandbox
- Fixed a typo in the hook labels
- Added additional hooks with meta-data objects
- Fixed the tests for Project Spartan 0.10.10049
DOMPurify 0.6.1
- Fixed several security issues identified by a 3rd party code audit
- Removed support for MSIE9
- Enabled toStaticHTML fallback for MSIE9
DOMPurify 0.6.0
Important: This is a feature-release, not a security update.
- Added Hook API to allow custom extensions and plugins
- Added config flag FORBID_TAGS to blacklist specific tags
- Added config flag FORBID_ATTR to blacklist specific attributes
- Added demo folder with various showcases / usage examples
- Extended unit tests
- Added version label to DOMPurify object
DOMPurify 0.4.5
- Fixed a minor DOM clobbering issue reported by @filedescriptor
- Made sure present but empty DOM properties cannot be clobbered
- Made sure that document.all cannot be clobbered by avoiding typeof
DOMPurify 0.4.4
- Fixed a bug in the clobber detection potentially leading to XSS, thanks @avlidienbrunn
- Fixed an undefined error
- Fixed a range error
- Added a pre-test for better performance
DOMPurify 0.4.3
- Add CommonJS support for browserify (Node.js is not supported yet)
DOMPurify 0.4.2
- Fixed a security issue in WebKit/Blink leading to a bypass (discovered & reported by Tom Ritter of iSEC Partners)
- Extended test-suite
DOMPurify 0.4
- Added tests for config flags
- Fixed a config var assignment bug
- Solved MSIE + jQuery performance issues
DOMPurify 0.3
- Extended HTML support
- Extended SVG support
- Extended MathML support
- Safe against XSS and DOM Clobbering Attacks
- Safe to use with jQuery's elm.html() and $()
- Safe handling of Data URIs
- New config flags
- More tolerant with text nodes
- IE9 compatible