« Changelog History


sanitize-html v2.5.1 Release Notes

Release Date: 2021-09-14 // over 2 years ago
    • 🔒 The allowedScriptHostnames and allowedScriptDomains options now implicitly purge the inline content of all script tags, not just those with src attributes. This behavior was already strongly implied by the fact that they purged it in the case where a src attribute was actually present, and is necessary for the feature to provide any real security. Thanks to Grigorii Duca for pointing out the issue.