All Versions
94
Latest Version
Avg Release Cycle
27 days
Latest Release
32 days ago

Changelog History
Page 6

  • v1.14.1 Changes

    ๐Ÿš€ documented allowProtocolRelative option. No code changes from 1.14.0, released a few moments ago.

  • v1.14.0 Changes

    the new allowProtocolRelative option, which is set to true by default, allows you to decline to accept URLs that start with // and thus point to a different host using the current protocol. If you do not want to permit this, set this option to false. This is fully backwards compatible because the default behavior is to allow them. Thanks to Luke Bernard.

  • v1.13.0 Changes

    transformTags can now add text to an element that initially had none. Thanks to Dushyant Singh.

  • v1.12.0 Changes

    ๐Ÿ— option to build for browser-side use. Thanks to Michael Blum.

  • v1.11.4 Changes

    fixed crash when __proto__ is a tag name. Now using a safe check for the existence of properties in all cases. Thanks to Andrew Krasichkov.

    ๐Ÿ›  Fixed XSS attack vector via textarea tags (when explicitly allowed). Decided that script (obviously) and style (due to its own XSS vectors) cannot realistically be afforded any XSS protection if allowed, unless we add a full CSS parser. Thanks again to Andrew Krasichkov.

  • v1.11.3 Changes

    โฌ†๏ธ bumped htmlparser2 version to address crashing bug in older version. Thanks to e-jigsaw.

  • v1.11.2 Changes

    ๐Ÿ›  fixed README typo that interfered with readability due to markdown issues. No code changes. Thanks to Mikael Korpela. Also improved code block highlighting in README. Thanks to Alex Siman.

  • v1.11.1 Changes

    ๐Ÿ›  fixed a regression introduced in 1.11.0 which caused the closing tag of the parent of a textarea tag to be lost. Thanks to Stefano Sala, who contributed the missing test.

  • v1.11.0 Changes

    โž• added the nonTextTags option, with tests.

  • v1.10.1 Changes

    ๐Ÿ“š documentation cleanup. No code changes. Thanks to Rex Schrader.