Skip to content

Releases: cure53/DOMPurify

DOMPurify 0.6.6

15 Sep 09:18
@cure53 cure53
0.6.6
6c15eff
Compare
Choose a tag to compare
DOMPurify 0.6.6
  • Fixed around an MSIE/Edge bug causing freezes #89
  • Changed from MPL-2.0 to a dual license of Apache-2.0 and MPL-2.0
  • Fixed all tests for Microsoft Edge
Assets 2
Loading

DOMPurify 0.6.5

04 Aug 13:07
@cure53 cure53
0.6.5
0a4a0cd
Compare
Choose a tag to compare
DOMPurify 0.6.5
  • New CSS sanitizer demo hook
  • New HTTP proxy demo hook
  • New URI scheme white-list demo hook
  • Better compatibility with Microsoft Edge
  • Better tolerance for custom data attributes
  • Fixed a crash on Firefox
  • Fixed id and name attribute checks
  • Multiple minor fixes and performance enhancements
  • Better documentation
Assets 2
Loading

DOMPurify 0.6.4

26 May 10:48
@cure53 cure53
0.6.4
b8b3ab6
Compare
Choose a tag to compare
DOMPurify 0.6.4
  • DOMPurify can now use a custom-made window object
  • Added hooks can now be removed and flushed
  • A possible clobbering effect for has been mitigated
  • Optimizations for RTE / Copy&Paste compatibility
  • Test suite has been optimized for better error output
  • Fixed a crash in Safari
  • Updated MentalJS library in demo hooks
Assets 2
Loading

DOMPurify 0.6.3

07 Apr 13:59
@cure53 cure53
0.6.3
df25a9c
Compare
Choose a tag to compare
DOMPurify 0.6.3
  • Merged countless optimizations and beautifications by @neilj
  • Optimized performance thanks to @neilj
  • Fixed a minor bug with the RETURN_DOM flag thanks to @neilj
  • Detailed list of changes: #52
Assets 2
Loading

DOMPurify 0.6.2

31 Mar 13:44
@cure53 cure53
0.6.2
eff80b0
Compare
Choose a tag to compare
DOMPurify 0.6.2
  • Added hook demo for MentalJS JavaScript sandbox
  • Fixed a typo in the hook labels
  • Added additional hooks with meta-data objects
  • Fixed the tests for Project Spartan 0.10.10049
Assets 2
Loading

DOMPurify 0.6.1

23 Feb 08:45
@cure53 cure53
0.6.1
36e1bf6
Compare
Choose a tag to compare
DOMPurify 0.6.1
  • Fixed several security issues identified by a 3rd party code audit
  • Removed support for MSIE9
  • Enabled toStaticHTML fallback for MSIE9
Assets 2
Loading

DOMPurify 0.6.0

16 Feb 12:58
@cure53 cure53
0.6.0
e5735cd
Compare
Choose a tag to compare
DOMPurify 0.6.0

Important: This is a feature-release, not a security update.

  • Added Hook API to allow custom extensions and plugins
  • Added config flag FORBID_TAGS to blacklist specific tags
  • Added config flag FORBID_ATTR to blacklist specific attributes
  • Added demo folder with various showcases / usage examples
  • Extended unit tests
  • Added version label to DOMPurify object
Assets 2
Loading

DOMPurify 0.4.5

16 Jan 12:18
@cure53 cure53
0.4.5
d2d3130
Compare
Choose a tag to compare
DOMPurify 0.4.5
  • Fixed a minor DOM clobbering issue reported by @filedescriptor
  • Made sure present but empty DOM properties cannot be clobbered
  • Made sure that document.all cannot be clobbered by avoiding typeof
Assets 2
Loading

DOMPurify 0.4.4

13 Oct 11:24
@cure53 cure53
0.4.4
2f562ba
Compare
Choose a tag to compare
DOMPurify 0.4.4
  • Fixed a bug in the clobber detection potentially leading to XSS, thanks @avlidienbrunn
  • Fixed an undefined error
  • Fixed a range error
  • Added a pre-test for better performance
Assets 2
Loading

DOMPurify 0.4.3

04 Oct 12:41
@fhemberger fhemberger
0.4.3
db63f5f
Compare
Choose a tag to compare
DOMPurify 0.4.3

Add Common JS support for browserify (Node.js is not supported yet)

Assets 2
Loading