DOMPurify 2.3.4

• Added support for Custom Elements, thanks @franktopel
• Added new config settings to control Custom Element sanitizing, thanks @franktopel
• Added faster clobber checks, thanks @GrantGryczan
• Allow-listed SVG feImage elements, thanks @ydaniv
• Updated test suite
• Update supported Node versions
• Updated README

DOMPurify 2.3.3

• Fixed a bug in the handing of PARSER_MEDIA_TYPE spotted by @securitum-mb
• Adjusted the tests for MSIE to make sure the results are as expected now

DOMPurify 2.3.2

• Added new config option PARSER_MEDIA_TYPE, thanks @tosmolka

DOMPurify 2.3.1

• Added code to make FORBID_CONTENTS setting configurable
• Added role to URI-safe attributes
• Added more paranoid handling for template elements

DOMPurify 2.3.0

• Added better handling of document creation on Firefox
• Added better handling of version numbers in license file
• Added two new browser versions to test suite config
• Fixed a bug with handling of custom data attributes

DOMPurify 2.2.9

• Fixed some minor issues related to the NAMESPACE config
• Fixed some minor issues relating to empty input
• Fixed some minor issues relating to handling of invalid XML

DOMPurify 2.2.8

• Added NAMESPACE config option, thanks @NateScarlet
• Added better fallback for older browsers & PhantomJS, thanks @albanx
• Extended allow-list for SVG attributes a bit

DOMPurify 2.2.7

• Fixed handling of unsupported browsers, i.e. Safari 9 and older
• Fixed various minor bugs and typos in README and examples
• Added better handling of potentially harmful "is" attributes
• Added better handling of lookupGetter functionality

DOMPurify 2.2.6

• Added new mXSS prevention logic created by SecurityMB

DOMPurify 2.2.4

• Fixed a new MathML-based bypass submitted by PewGrand
• Fixed a new SVG-related bypass submitted by SecurityMB
• Updated NodeJS CI to Node 14.x and Node 15.x
• Cleaned up _forceRemove logic for better reliability