sanitize-html v1.14.0 Release Notes
-
the new
allowProtocolRelative
option, which is set totrue
by default, allows you to decline to accept URLs that start with//
and thus point to a different host using the current protocol. If you do not want to permit this, set this option tofalse
. This is fully backwards compatible because the default behavior is to allow them. Thanks to Luke Bernard.