-
It has been discovered that malicious HTML using special nesting techniques can bypass the depth checking added to DOMPurify in recent releases. It was also possible to use Prototype Pollution to weak…
-
### Reproducible in vscode.dev or in VS Code Desktop?
- [X] Not reproducible in [vscode.dev](https://vscode.dev) or VS Code Desktop
### Reproducible in the monaco editor playground?
- [X] Not…
-
Hi, thanks for a great tool.
I've run into an issue I don't know how to solve. I need to allow youtube embeds (iframe, but only from youtube.com), which doesn't seem to be solvable only through DOM…
-
### Renderer
v3
### Browser
Chrome
### Operating System
Windows
### What happened?
I had some quick headers was used inside a common line of text as global styles that now no longer work. For e…
-
I noticed that the project is currently using an outdated version (v3.0.8) of the DOMPurify library, which is affected by a known vulnerability CVE-2024-45801. The latest version of DOMPurify (v3.1.6)…
-
I'm using Next.js and ckeditor for generating content. Code is:
```
'use client'
import React, { useEffect, useRef } from 'react'
import Box from '@mui/material/Box'
import DOMPurify from 'domp…
```
-
**Describe the bug**
Our build pipelines have reported that we have a vulnerability (CVE-2024-45801) coming from the dompurify package, which we are referencing through a dependency on the formiojs p…
-
With 3.1.7, I'm trying to replace / remove HTML comment nodes in the `uponSanitizeElement` hook. Here's a minimal example:
```js
DOMPurify.addHook('uponSanitizeElement', (node, data) => {
if (dat…
```
-
### Description
I'm trying to use [HTMX](https://htmx.org/) with mermaid charts. A naive usage would be to use the HTMX attributes in the nodes directly.
```html
graph TD
NodeA(NodeA) -…
```
-
Because of working on other aspects, I forgot the security aspect of the website; will work on it soon.