chore(deps): update dependency dompurify to v0.9.0 #8

Merged
merged 1 commit into from
Jan 5, 2021

@renovate renovate bot commented Mar 14, 2020

WhiteSource Renovate

This PR contains the following updates:

Package | Update | Change
dompurify (source) | minor | 0.8.2 -> 0.9.0

Release Notes

cure53/DOMPurify

v0.9.0

Compare Source

  • Fixed and worked around newly discovered variations of the Safari 10.1 - 10.2 XSS
  • Fixed unsafe document generation for Safari 10.1 and 10.2
  • Added feature test to spot additionally broken versions if necessary
  • Added a configuration flag to use persistent configuration

v0.8.9

Compare Source

  • Fixed another aspect of the Safari XSS
  • Added better checks for old Firefox mXSS

v0.8.8

Compare Source

v0.8.7

Compare Source

  • Cleaned up after Safari emergency fix
  • General code and comment clean-up
  • Added test for Firefox mXSS issue
  • Added more browsers to the test array

Big thanks go to Egor Karbutov @ShikariSenpai and Egor Saltykov @ansjdnakjdnajkd for spotting and reporting the Safari issue to FastMail!

v0.8.6

Compare Source

  • Fixed an XSS in Safari 10.1 and 10.2 introduced by a Safari browser bug
    • On Safari 10.1 and 10.2, this now actually causes XSS. Good job, Safari. Not.
    • new DOMParser().parseFromString('<svg onload=alert(document.domain)>', 'text/html');
  • Fixed a minor return value problem on MSIE11 (see #198)
  • Added new flag FORCE_BODY to enable better handling of HTML starting with style and other elements a browser might move into the header (see #199)
  • Added white-listing for ARIA attributes (see #203)
  • Fixed a minor bug in the URI white-list regex (see #200)
  • Fixed a bug where data URI attributes would be removed from SVG content (see #205)

v0.8.5

Compare Source

  • Allowed users to pass DOM nodes for sanitization
  • Fixed a small problem with empty DOM fragments on MSIE11
  • Fixed removal of data: URIs in img-src when having whitespaces
  • Added more test coverage

v0.8.4

Compare Source

  • Made the uponSanitizeElement and uponSanitizeAttribute hooks more powerful (see #184)
  • Updated MentalJS sandbox in the demo folder

v0.8.3

Compare Source

  • Reduced the NPM package footprint

Renovate configuration

📅 Schedule: At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻️ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by WhiteSource Renovate. View repository job log here.

@renovate renovate bot changed the title Update dependency dompurify to v0.9.0 chore(deps): update dependency dompurify to v0.9.0 Jan 5, 2021
@renovate renovate bot force-pushed the renovate/dompurify-0.x branch from 322b560 to 836b63a Compare January 5, 2021 23:04
@JasonSooter JasonSooter merged commit b1d1821 into master Jan 5, 2021
@JasonSooter JasonSooter deleted the renovate/dompurify-0.x branch January 5, 2021 23:05