Releases: cure53/DOMPurify

DOMPurify 1.0.3

08 Dec 10:58
ee5d838
  • Added support for more attributes (srcset, crossorigin etc.)
  • Fixed overzealous DOM clobbering protection
  • Added support for URI regex customization via ALLOWED_URI_REGEXP

DOMPurify 1.0.2

25 Aug 14:22
7ba76fe
  • Made DOMPurify fully CSP compliant

DOMPurify 1.0.1

21 Aug 07:51
19f8c6f
  • Fixed various issues with the node.js loader
  • Fixed various issues with the test-suite

DOMPurify 1.0.0

15 Aug 15:16
4d0115a
  • Refactored DOMPurify to ES2016/ES2017
  • Fixed an exception on iOS Safari
  • Fixed a JSDOM related bug on node.js
  • Fixed numerous minor issues
  • Added markup profiles feature

DOMPurify 0.9.0

18 May 14:22
d91304b
  • Fixed and worked around newly discovered variations of the Safari 10.1 - 10.2 XSS
  • Fixed unsafe document generation for Safari 10.1 and 10.2
  • Added feature test to spot additionally broken versions if necessary
  • Added a configuration flag to use persistent configuration

DOMPurify 0.8.9

03 May 06:21
4465943
  • Fixed another aspect of the Safari XSS
  • Added better checks for old Firefox mXSS

DOMPurify 0.8.7

25 Apr 07:49
da2484d
  • Cleaned up after Safari emergency fix
  • General code and comment clean-up
  • Added test for Firefox mXSS issue
  • Added more browsers to the test array

Big thanks go to Egor Karbutov @ShikariSenpai and Egor Saltykov @ansjdnakjdnajkd for spotting and reporting the Safari issue to FastMail!

0.8.6

21 Apr 13:56
b317725
  • Fixed an XSS in Safari 10.1 and 10.2 introduced by a Safari browser bug
    • On Safari 10.1 and 10.2, this now actually causes XSS. Good job, Safari. Not.
    • new DOMParser().parseFromString('<svg onload=alert(document.domain)>', 'text/html');
  • Fixed a minor return value problem on MSIE11 (see #198)
  • Added new flag FORCE_BODY to enable better handling of HTML starting with style and other elements a browser might move into the header (see #199)
  • Added white-listing for ARIA attributes (see #203)
  • Fixed a minor bug in the URI white-list regex (see #200)
  • Fixed a bug where data URI attributes would be removed from SVG content (see #205)

DOMPurify 0.8.5

07 Feb 13:20
4222069
  • Allowed users to pass DOM nodes for sanitization
  • Fixed a small problem with empty DOM fragments on MSIE11
  • Fixed removal of data: URIs in img-src when having whitespaces
  • Added more test coverage

DOMPurify 0.8.4

02 Nov 16:44
9be8f9d
  • Made the uponSanitizeElement and uponSanitizeAttribute hooks more powerful (see #184)
  • Updated MentalJS sandbox in the demo folder