Skip to content

Commit

Permalink
changelog credit
Browse files Browse the repository at this point in the history
  • Loading branch information
boutell committed Jan 26, 2021
1 parent 6012524 commit fd3cb54
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@

## 2.3.2 (2021-01-26):
- Additional fixes for iframe validation exploits. Prevent exploits based on browsers' tolerance of the use of "\" rather than "/" and the presence of whitespace at this point in the URL. Thanks to Ron Masas of [Checkmarx](https://www.checkmarx.com/) for pointing out the issue and writing unit tests.
- Documentation correction for `yarn` users. Thanks to Tagir Khadzhiev.

## 2.3.1 (2021-01-22):
- Uses the standard WHATWG URL parser to stop IDNA (Internationalized Domain Name) attacks on the iframe hostname validator. Thanks to Ron Masas of [Checkmarx](https://www.checkmarx.com/) for pointing out the issue and suggesting the use of the WHATWG parser.
Expand Down

0 comments on commit fd3cb54

Please sign in to comment.