transformTagsnow accepts the
*wildcard to transform all tags. Thanks to Jamy Timmermans.
Text that has been modified by
transformTagsis then passed through
textFilter. Thanks to Pavlo Yurichuk.
👀 Content inside
textareais discarded if
textareais not allowed. I don't know why it took me this long to see that this is just common sense. Thanks to David Frank.
array-includesdependency in favor of
indexOf, which is a little more verbose but slightly faster and doesn't require a shim. Thanks again to Joseph Dykstra.
✂ removed lodash dependency, adding lighter dependencies and polyfills in its place. Thanks to Joseph Dykstra.
allowedSchemesByTagoption. Thanks to Cameron Will.
'undefined'(as opposed to
undefined) is perfectly valid text and shouldn't be expressly converted to the empty string.
textFilteroption. Thanks to Csaba Palfi.
💅 do not escape special characters inside a script or style element, if they are allowed. This is consistent with the way browsers parse them; nothing closes them except the appropriate closing tag for the entire element. Of course, this only comes into play if you actually choose to allow those tags. Thanks to aletorrado.
guard checks for allowed attributes correctly to avoid an undefined property error. Thanks to Zeke.
⚡️ updated to htmlparser2 1.8.x. Started using the
decodeEntitiesoption, which allows us to pass our filter evasion tests without the need to recursively invoke the filter.
👌 support for
*wildcards in allowedAttributes. With tests. Thanks to Calvin Montgomery.