Changelog History
Page 9
-
v1.4.3 Changes
๐ invokes itself recursively until the markup stops changing to guard against this issue. Bump to htmlparser2 version 3.7.x.
-
v1.4.1 Changes
โ more tests.
-
v1.4.0 Changes
ability to allow all attributes or tags through by setting
allowedAttributes
and/orallowedTags
to false. Thanks to Anand Thakker. -
v1.3.0 Changes
attribs
now available on frames passed to exclusive filter. -
v1.2.3 Changes
๐ fixed another possible XSS attack vector; no definitive exploit was found but it looks possible. See this issue. Thanks to Jim O'Brien.
-
v1.2.2 Changes
๐ป reject
javascript:
URLs when disguised with an internal comment. This is probably not respected by browsers anyway except when inside an XML data island element, which you almost certainly are not allowing in yourallowedTags
, but we aim to be thorough. Thanks to Jim O'Brien. -
v1.2.1 Changes
๐ fixed crashing bug when presented with bad markup. The bug was in the
exclusiveFilter
mechanism. Unit test added. Thanks to Ilya Kantor for catching it. -
v1.2.0 Changes
The
allowedClasses
option now allows you to permit CSS classes in a fine-grained way.Text passed to your
exclusiveFilter
function now includes the text of child elements, making it more useful for identifying elements that truly lack any inner text.
-
v1.1.7 Changes
๐ use
he
for entity decoding, because it is more actively maintained. -
v1.1.6 Changes
allowedSchemes
option for those who want to permitdata
URLs and such.