« Changelog History


sanitize-html v2.3.3 Release Notes

Release Date: 2021-03-19 // about 3 years ago
    • 🔒 Security fix: allowedSchemes and related options did not properly block schemes containing a hyphen, plus sign, period or digit, such as ms-calculator:. Thanks to Lukas Euler for pointing out the issue.
    • ➕ Added a security note about the known risks associated with using the parser option, especially decodeEntities: false. See the documentation.