Explore
By company size
By use case
By industry
View all solutions
Topics
- AI
- DevOps
- Security
- Software Development
- View all
Explore
- GitHub Sponsors
  Fund open source developers
- The ReadME Project
  GitHub community articles
Repositories
- Enterprise platform
  AI-powered developer platform
Available add-ons
Pricing

Search code, repositories, users, issues, pull requests...

Clear

Search syntax tips

Provide feedback

We read every piece of feedback, and take your input very seriously.

Include my email address so I can be contacted

Saved searches

Use saved searches to filter your results more quickly

Name

Query

To see all available qualifiers, see our documentation.

You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session. You switched accounts on another tab or window. Reload to refresh your session.

Dismiss alert

cure53 / DOMPurify Public

Notifications You must be signed in to change notification settings
Fork 726
Star 14k

Code
Issues 2
Pull requests 1
Actions
Projects
Wiki
Security
Insights

Additional navigation options

Code
Issues
Pull requests
Actions
Projects
Wiki
Security
Insights

Releases: cure53/DOMPurify

Releases Tags

Releases · cure53/DOMPurify

DOMPurify 2.3.0

06 Jul 10:28

cure53

2.3.0

e15ae1e

This commit was signed with the committer’s verified signature.

cure53 Cure53

GPG key ID: 5F0CDACD24BB6BF4

Learn about vigilant mode.

Compare

Choose a tag to compare

View all tags

DOMPurify 2.3.0

Added better handling of document creation on Firefox
Added better handling of version numbers in license file
Added two new browser versions to test suite config
Fixed a bug with handling of custom data attributes

Assets 2

kylebambrick, henryleberre, and razh reacted with thumbs up emoji

All reactions

👍 3 reactions

3 people reacted

DOMPurify 2.2.9

01 Jun 11:24

cure53

2.2.9

9de5b19

This commit was signed with the committer’s verified signature.

cure53 Cure53

GPG key ID: 5F0CDACD24BB6BF4

Learn about vigilant mode.

Compare

Choose a tag to compare

View all tags

DOMPurify 2.2.9

Fixed some minor issues related to the NAMESPACE config
Fixed some minor issues relating to empty input
Fixed some minor issues relating to handling of invalid XML

Assets 2

NateScarlet and kozi reacted with thumbs up emoji

All reactions

👍 2 reactions

2 people reacted

DOMPurify 2.2.8

28 Apr 08:06

cure53

2.2.8

1bf9e2a

This commit was signed with the committer’s verified signature.

cure53 Cure53

GPG key ID: 5F0CDACD24BB6BF4

Learn about vigilant mode.

Compare

Choose a tag to compare

View all tags

DOMPurify 2.2.8

Added NAMESPACE config option, thanks @NateScarlet
Added better fallback for older browsers & PhantomJS, thanks @albanx
Extended allow-list for SVG attributes a bit

Assets 2

All reactions

DOMPurify 2.2.7

12 Mar 15:22

cure53

2.2.7

a9ad5be

This commit was signed with the committer’s verified signature.

cure53 Cure53

GPG key ID: 5F0CDACD24BB6BF4

Learn about vigilant mode.

Compare

Choose a tag to compare

View all tags

DOMPurify 2.2.7

Fixed handling of unsupported browsers, i.e. Safari 9 and older
Fixed various minor bugs and typos in README and examples
Added better handling of potentially harmful "is" attributes
Added better handling of lookupGetter functionality

Assets 2

All reactions

DOMPurify 2.2.6

18 Dec 15:18

cure53

2.2.6

b11cb72

This commit was signed with the committer’s verified signature.

cure53 Cure53

GPG key ID: 5F0CDACD24BB6BF4

Learn about vigilant mode.

Compare

Choose a tag to compare

View all tags

DOMPurify 2.2.6

Added new mXSS prevention logic created by SecurityMB

Assets 2

All reactions

DOMPurify 2.2.4

15 Dec 16:36

cure53

2.2.4

499b3bb

This commit was signed with the committer’s verified signature.

cure53 Cure53

GPG key ID: 5F0CDACD24BB6BF4

Learn about vigilant mode.

Compare

Choose a tag to compare

View all tags

DOMPurify 2.2.4

Fixed a new MathML-based bypass submitted by PewGrand
Fixed a new SVG-related bypass submitted by SecurityMB
Updated NodeJS CI to Node 14.x and Node 15.x
Cleaned up _forceRemove logic for better reliability

Assets 2

All reactions

DOMPurify 2.2.3

07 Dec 13:25

cure53

2.2.3

e7086f7

This commit was signed with the committer’s verified signature.

cure53 Cure53

GPG key ID: 5F0CDACD24BB6BF4

Learn about vigilant mode.

Compare

Choose a tag to compare

View all tags

DOMPurify 2.2.3

Fixed an mXSS issue reported by PewGrand
Fixed a minor issue with the license header
Fixed a problem with overly-eager CSS stripping
Updated the README and removed an XSS warning

Assets 2

All reactions

DOMPurify 2.2.2

02 Nov 20:04

cure53

2.2.2

7923e10

This commit was signed with the committer’s verified signature.

cure53 Cure53

GPG key ID: 5F0CDACD24BB6BF4

Learn about vigilant mode.

Compare

Choose a tag to compare

View all tags

DOMPurify 2.2.2

Fixed an mXSS bypass dropped on us publicly via #482
Fixed an mXSS variation that was reported privately short after
Added dialog to permitted elements list
Fixed a small typo in the README

Assets 2

All reactions

DOMPurify 2.2.0

21 Oct 07:30

cure53

2.2.0

0e31dce

This commit was signed with the committer’s verified signature.

cure53 Cure53

GPG key ID: 5F0CDACD24BB6BF4

Learn about vigilant mode.

Compare

Choose a tag to compare

View all tags

DOMPurify 2.2.0

Fix a possible XSS in Chrome that is hidden behind #enable-experimental-web-platform-features, reported by @neilj and @mfreed7
Changed RETURN_DOM_IMPORT default to true to address said possible XSS
Updated README to reflect the new change and inform about the risks of manually setting RETURN_DOM_IMPORT back to false
Fixed the tests to properly address the new default