- Removes the use of octal literals in strict mode, which were breaking downstream tools. They are replaced with decimal literals of the same values.
- SECURITY RELEASE: Increased vigilance around
<iframe>input: instead of reducing iframes attribute-by-attribute and allowing them to have contents, remove their contents entirely from the page by changing their eflags value to 0.
- Updated
package.jsonwith correct repository URL - Cleaned up tests