All Versions
Latest Version
Avg Release Cycle
26 days
Latest Release
30 days ago

Changelog History
Page 5

  • v1.18.3 Changes

    • 0️⃣ iframe is an allowed tag by default, to better facilitate typical use cases and the use of the allowedIframeHostnames option.
    • πŸ“š Documentation improvements.
    • πŸ’» More browser packaging improvements.
    • πŸ‘ Protocol-relative URLs are properly supported for iframe tags.
  • v1.18.2 Changes

    • βœ… Travis tests passing.
    • πŸ›  Fixed another case issue β€”Β and instituted Travis CI testing so this doesn't happen again. Sorry for the hassle.
  • v1.18.1 Changes

    • 🐧 A file was required with incorrect case, breaking the library on case sensitive filesystems such as Linux. Fixed.
  • v1.18.0 Changes

    • 0️⃣ The new allowedSchemesAppliedToAttributes option. This determines which attributes are validated as URLs, replacing the old hardcoded list of src and href only. The default list now includes cite. Thanks to ml-dublin for this contribution.
    • πŸ”§ It is now easy to configure a specific list of allowed values for an attribute. When configuring allowedAttributes, rather than listing an attribute name, simply list an object with an attribute name property and an allowed values array property. You can also add multiple: true to allow multiple space-separated allowed values in the attribute, otherwise the attribute must match one and only one of the allowed values. Thanks again to ml-dublin for this contribution.
    • πŸ›  Fixed a bug in the npm test procedure.
  • v1.17.0 Changes

    πŸ”§ The new allowedIframeHostnames option. If present, this must be an array, and only iframe src URLs hostnames (complete hostnames; domain name matches are not enough) that appear on this list are allowed. You must also configure hostname as an allowed attribute for iframe. Thanks to Ryan Verys for this contribution.

  • v1.16.3 Changes

    πŸ’» Don't throw away the browserified versions before publishing them. prepare is not a good place to make clean, it runs after prepublish.

  • v1.16.2 Changes

    βœ… sanitize-html is now compiled with babel. An npm prepublish script takes care of this at npm publish time, so the latest code should always be compiled to operate all the way back to ES5 browsers and earlier versions of Node. Thanks to Ayushya Jaiswal.

    πŸ”’ Please note that running sanitize-html in the browser is usually a security hole. Are you trusting the browser? Anyone could bypass that using the network panel. Sanitization is almost always best done on servers and that is the primary use case for this module.

  • v1.16.1 Changes

    πŸ”„ changelog formatting only.

  • v1.16.0 Changes

    πŸ‘Œ support for sanitizing inline CSS styles, by specifying the allowed attributes and a regular expression for each. Thanks to Cameron Will and Michael Loschiavo.

  • v1.15.0 Changes

    πŸ”§ if configured as an allowed attribute (not the default), check for naughty URLs in srcset attributes. Thanks to Mike Samuel for the nudge to do this and to Sindre Sorhus for the srcset module.