sanitize-html v1.14.0 Release Notes

  • the new allowProtocolRelative option, which is set to true by default, allows you to decline to accept URLs that start with // and thus point to a different host using the current protocol. If you do not want to permit this, set this option to false. This is fully backwards compatible because the default behavior is to allow them. Thanks to Luke Bernard.