Skip to content

DOMPurify 2.0.3
Compare
Choose a tag to compare
@cure53 cure53 released this 25 Sep 16:26
2.0.3
d16ba74
This commit was signed with the committer’s verified signature.
cure53 Cure53
GPG key ID: 43A94EA3B4323240
Learn about vigilant mode.
  • Fixed another mXSS variation affecting Chrome, Safari and Edge relating to HTML templates
  • Fixed a bug in the config parser leading to unexpected results

Credits for the bypass again go to Michał Bentkowski (@securityMB) of Securitum who spotted the bug in Chrome, turned it into another DOMPurify bypass, reported and helped verifying the fix 🙇‍♂️ 🙇‍♀️

Assets 2
Loading