Skip to content

Commit

Permalink
chore: preparing 2.4.5 release
Browse files Browse the repository at this point in the history
  • Loading branch information
cure53 committed Feb 26, 2023
1 parent fa4e8ee commit f464d95
Show file tree
Hide file tree
Showing 13 changed files with 23 additions and 19 deletions.
4 changes: 2 additions & 2 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -6,11 +6,11 @@

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG.

It's also very simple to use and get started with. DOMPurify was [started in February 2014](https://github.com/cure53/DOMPurify/commit/a630922616927373485e0e787ab19e73e3691b2b) and, meanwhile, has reached version 2.4.4.
It's also very simple to use and get started with. DOMPurify was [started in February 2014](https://github.com/cure53/DOMPurify/commit/a630922616927373485e0e787ab19e73e3691b2b) and, meanwhile, has reached version 3.0.0.

DOMPurify is written in JavaScript and works in all modern browsers (Safari (10+), Opera (15+), Internet Explorer (10+), Edge, Firefox and Chrome - as well as almost anything else using Blink or WebKit). It doesn't break on MSIE6 or other legacy browsers. It either uses [a fall-back](#what-about-older-browsers-like-msie8) or simply does nothing.

**Note that DOMPurify v2.4.4 is the final version supporting MSIE. For important security updates compatible with MSIE, please use the 2.x branch.**
**Note that DOMPurify v2.4.5 is the final version supporting MSIE. For important security updates compatible with MSIE, please use the 2.x branch.**

Our automated tests cover [19 different browsers](https://github.com/cure53/DOMPurify/blob/main/test/karma.custom-launchers.config.js#L5) right now, more to come. We also cover Node.js v14.x, v16.x, v17.x and v18.x, running DOMPurify on [jsdom](https://github.com/jsdom/jsdom). Older Node versions are known to work as well, but hey... no guarantees.

Expand Down
5 changes: 3 additions & 2 deletions dist/purify.cjs.js

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion dist/purify.cjs.js.map

Large diffs are not rendered by default.

5 changes: 3 additions & 2 deletions dist/purify.es.js

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion dist/purify.es.js.map

Large diffs are not rendered by default.

5 changes: 3 additions & 2 deletions dist/purify.js

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion dist/purify.js.map

Large diffs are not rendered by default.

4 changes: 2 additions & 2 deletions dist/purify.min.js

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion dist/purify.min.js.map

Large diffs are not rendered by default.

4 changes: 2 additions & 2 deletions package-lock.json

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion package.json
Original file line number Diff line number Diff line change
Expand Up @@ -98,7 +98,7 @@
},
"name": "dompurify",
"description": "DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It's written in JavaScript and works in all modern browsers (Safari, Opera (15+), Internet Explorer (10+), Firefox and Chrome - as well as almost anything else using Blink or WebKit). DOMPurify is written by security people who have vast background in web attacks and XSS. Fear not.",
"version": "2.4.4",
"version": "2.4.5",
"directories": {
"test": "test"
},
Expand Down
3 changes: 2 additions & 1 deletion src/purify.js
Original file line number Diff line number Diff line change
Expand Up @@ -201,7 +201,7 @@ function createDOMPurify(window = getGlobal()) {
* @property {RegExp|Function|null} attributeNameCheck one of [null, regexPattern, predicate]. Default: `null` (disallow any attributes not on the allow list)
* @property {boolean} allowCustomizedBuiltInElements allow custom elements derived from built-ins if they pass CUSTOM_ELEMENT_HANDLING.tagNameCheck. Default: `false`.
*/
const CUSTOM_ELEMENT_HANDLING = Object.seal(
let CUSTOM_ELEMENT_HANDLING = Object.seal(
Object.create(null, {
tagNameCheck: {
writable: true,
Expand Down Expand Up @@ -485,6 +485,7 @@ function createDOMPurify(window = getGlobal()) {
IN_PLACE = cfg.IN_PLACE || false; // Default false
IS_ALLOWED_URI = cfg.ALLOWED_URI_REGEXP || IS_ALLOWED_URI;
NAMESPACE = cfg.NAMESPACE || HTML_NAMESPACE;
CUSTOM_ELEMENT_HANDLING = cfg.CUSTOM_ELEMENT_HANDLING || {};
if (
cfg.CUSTOM_ELEMENT_HANDLING &&
isRegexOrFunction(cfg.CUSTOM_ELEMENT_HANDLING.tagNameCheck)
Expand Down
2 changes: 1 addition & 1 deletion website/index.html
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
<html>
<head>
<meta charset="UTF-8">
<title>DOMPurify 2.4.3 "Final Countdown"</title>
<title>DOMPurify 2.4.5 "Final Countdown"</title>
<script src="../dist/purify.min.js"></script>
<!-- we don't actually need it - just to demo and test the $(html) sanitation -->
<script src="//code.jquery.com/jquery-3.2.0.min.js"></script>
Expand Down

0 comments on commit f464d95

Please sign in to comment.