sanitize-html v2.5.1 Release Notes

Release Date: 2021-09-14 // about 1 month ago
    • 🔒 The allowedScriptHostnames and allowedScriptDomains options now implicitly purge the inline content of all script tags, not just those with src attributes. This behavior was already strongly implied by the fact that they purged it in the case where a src attribute was actually present, and is necessary for the feature to provide any real security. Thanks to Grigorii Duca for pointing out the issue.

Previous changes from v2.5.0

    • 🆕 New allowedScriptHostnames option, it enables you to specify which hostnames are allowed in a script tag.
    • 🆕 New allowedScriptDomains option, it enables you to specify which domains are allowed in a script tag. Thank you to Yorick Girard for this and the allowedScriptHostnames contribution.
    • ⚡️ Updates whitelist to allowlist.