All Versions
Latest Version
Avg Release Cycle
26 days
Latest Release
79 days ago

Changelog History
Page 2

  • v2.1.2 Changes

    November 04, 2020
    • 🛠 Fixes typos and inconsistencies in the README. Thanks to Eric Lefevre-Ardant for this contribution.
  • v2.1.1 Changes

    October 21, 2020
    • 🛠 Fixes a bug when using allowedClasses with an '*' wildcard selector. Thanks to Clemens Damke for this contribution.
    • ⚡️ Updates mocha to 7.x to resolve security warnings.
  • v2.1.0 Changes

    October 07, 2020
    • 0️⃣ sup added to the default allowed tags list. Thanks to Julian Lam for the contribution.
    • 📚 Updates default allowedTags README documentation. Thanks to Marco Arduini for the contribution.
  • v2.0.0 Changes

    September 23, 2020
    • nestingLimit option added.
    • ⚡️ Updates ESLint config package and fixes warnings.
    • ⬆️ Upgrade is-plain-object package with named export. Thanks to Bogdan Chadkin for the contribution.
    • ⬆️ Upgrade postcss package and drop Node 11 and Node 13 support (enforced by postcss).

    Backwards compatibility breaks:

    • 🏗 There is no build. You should no longer directly link to a sanitize-html file directly in the browser as it is using modern Javascript that is not fully supported by all major browsers (depending on your definition). You should now include sanitize-html in your project build for this purpose if you have one.
    • On the server side, Node.js 10 or higher is required.
    • ⚡️ The default allowedTags array was updated significantly. This mostly added HTML tags to be more comprehensive by default. You should review your projects and consider the allowedTags defaults if you are not already overriding them.
  • v2.0.0-rc.2 Changes

    September 09, 2020
    • Always use existing has function rather than duplicating it.
  • v2.0.0-rc.1 Changes

    August 26, 2020
    • ⬆️ Upgrade klona package. Thanks to Bogdan Chadkin for the contribution.
  • v2.0.0-beta.2 Changes

    • ➕ Add files to package.json to prevent publishing unnecessary files to npm #392. Thanks to styfle for the contribution.
    • ✂ Removes iframe and nl from default allowed tags. Adds most innocuous tags to the default allowedTags array.
    • 🛠 Fixes a bug when using transformTags with out textFilter. Thanks to Andrzej Porebski for the help with a failing test.
  • v2.0.0-beta Changes

    • 🏗 Moves the index.js file to the project root and removes all build steps within the package. Going forward, it is up to the developer to include sanitize-html in their project builds as-needed. This removes major points of conflict with project code and frees this module to not worry about myriad build-related questions.
    • 📦 Replaces lodash with utility packages: klona, is-plain-object, deepmerge, escape-string-regexp.
    • 👉 Makes custom tag transformations less error-prone by escaping frame innerText. Thanks to Mike Samuel for the contribution. Prior to this patch, tag transformations which turned an attribute value into a text node could be vulnerable to code execution.
    • ⚡️ Updates code to use modern features including const/let variable assignment.
    • 👕 ESLint clean up.
    • ⚡️ Updates is-plain-object to the 4.x major version.
    • ⚡️ Updates srcset to the 3.x major version.

    ⚡️ Thanks to Bogdan Chadkin for contributions to this major version update.

  • v1.27.5 Changes

    September 23, 2020
    • ⚡️ Updates README to include ES modules syntax.
  • v1.27.4 Changes

    August 26, 2020
    • 🛠 Fixes an IE11 regression from using Array.prototype.includes, replacing it with Array.prototype.indexOf.