DOMPurify v2.0.16 Release Notes
Release Date: 2020-09-18 // over 3 years ago-
- π Fixed an mXSS-based bypass caused by nested forms inside MathML
- π Fixed a security error thrown on older Chrome on Android versions, see #470
π± Credits for the bypass go to MichaΕ Bentkowski (@securityMB) of Securitum who spotted the bug in Chrome, turned it into another DOMPurify bypass, reported and helped verifying the fix πββοΈ πββοΈ