cure53/DOMPurify (dompurify)
### [`v3.1.2`](https://togithub.com/cure53/DOMPurify/releases/tag/3.1.2): DOMPurify 3.1.2
[Compare Source](https://togithub.com/cure53/DOMPurify/compare/3.1.1...3.1.2)
- Addressed and fixed an mXSS variation found by [@kevin-mizu](https://togithub.com/kevin-mizu)
- Addressed and fixed an mXSS variation found by [Adam Kues](https://twitter.com/hash_kitten) of Assetnote
- Updated tests for older Safari and Chrome versions
### [`v3.1.1`](https://togithub.com/cure53/DOMPurify/releases/tag/3.1.1): DOMPurify 3.1.1
[Compare Source](https://togithub.com/cure53/DOMPurify/compare/3.1.0...3.1.1)
- Fixed an mXSS sanitiser bypass reported by [@icesfont](https://togithub.com/icesfont)
- Added new code to track element nesting depth
- Added new code to enforce a maximum nesting depth of 255
- Added coverage tests and necessary clobbering protections
**Note that this is a security release and should be upgraded to immediately. Please also note that further releases may follow as the underlying vulnerability is apparently new and further variations may be discovered.**
### [`v3.1.0`](https://togithub.com/cure53/DOMPurify/releases/tag/3.1.0): DOMPurify 3.1.0
[Compare Source](https://togithub.com/cure53/DOMPurify/compare/3.0.11...3.1.0)
- Added new setting `SAFE_FOR_XML` to enable better control over comment scrubbing
- Updated README to warn about *happy-dom* not being safe for use with DOMPurify yet
- Updated the LICENSE file to show the accurate year number
- Updated several build and test dependencies
### [`v3.0.11`](https://togithub.com/cure53/DOMPurify/releases/tag/3.0.11): DOMPurify 3.0.11
[Compare Source](https://togithub.com/cure53/DOMPurify/compare/3.0.10...3.0.11)
- Fixed another conditional bypass caused by Processing Instructions, thanks [@Ry0taK](https://togithub.com/Ry0taK)
- Fixed the regex for HTML Custom Element detection, thanks [@AlekseySolovey3T](https://togithub.com/AlekseySolovey3T)
### [`v3.0.10`](https://togithub.com/cure53/DOMPurify/releases/tag/3.0.10): DOMPurify 3.0.10
[Compare Source](https://togithub.com/cure53/DOMPurify/compare/3.0.9...3.0.10)
- Fixed two possible bypasses when sanitizing an XML document and later using it in HTML, thanks [@Slonser](https://togithub.com/Slonser)
- Bumped up some build and test dependencies
### [`v3.0.9`](https://togithub.com/cure53/DOMPurify/releases/tag/3.0.9): DOMPurify 3.0.9
[Compare Source](https://togithub.com/cure53/DOMPurify/compare/3.0.8...3.0.9)
- Fixed a problem with proper detection of Custom Elements, thanks [@kevin-mizu](https://togithub.com/kevin-mizu)
- Refactored the `hasOwnProperty` logic, thanks [@ssi02014](https://togithub.com/ssi02014)
- Removed a superfluous `console.warn` making HappyDom happier, thanks [@HugoPoi](https://togithub.com/HugoPoi)
- Modernized some of the demo hooks for better looks, thanks [@Steb95](https://togithub.com/Steb95)
### Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
[ ] If you want to rebase/retry this PR, check this box
This PR has been generated by Mend Renovate. View repository job log here.
This PR contains the following updates: 3.0.8 -> 3.1.2