sanitize-html v2.3.3 Release Notes
Release Date: 2021-03-19 // about 3 years ago-
- 🔒 Security fix:
allowedSchemes
and related options did not properly block schemes containing a hyphen, plus sign, period or digit, such asms-calculator:
. Thanks to Lukas Euler for pointing out the issue. - ➕ Added a security note about the known risks associated with using the
parser
option, especiallydecodeEntities: false
. See the documentation.
- 🔒 Security fix: