sanitize-html v2.5.1 Release Notes
Release Date: 2021-09-14 // over 2 years ago-
- 🔒 The
allowedScriptHostnames
andallowedScriptDomains
options now implicitly purge the inline content of all script tags, not just those withsrc
attributes. This behavior was already strongly implied by the fact that they purged it in the case where asrc
attribute was actually present, and is necessary for the feature to provide any real security. Thanks to Grigorii Duca for pointing out the issue.
- 🔒 The