Skip to content

DOMPurify 2.2.0
Compare
Choose a tag to compare
@cure53 cure53 released this 21 Oct 07:30
· 736 commits to main since this release
2.2.0
0e31dce
This commit was signed with the committer’s verified signature.
cure53 Cure53
GPG key ID: 5F0CDACD24BB6BF4
Learn about vigilant mode.
  • Fix a possible XSS in Chrome that is hidden behind #enable-experimental-web-platform-features, reported by @neilj and @mfreed7
  • Changed RETURN_DOM_IMPORT default to true to address said possible XSS
  • Updated README to reflect the new change and inform about the risks of manually setting RETURN_DOM_IMPORT back to false
  • Fixed the tests to properly address the new default
Assets 2
Loading