baryonsoft / overleaf

GNU Affero General Public License v3.0

Update dependency sanitize-html to v2.11.0 #118

Closed renovate[bot] closed 1 year ago

renovate[bot] commented 1 year ago


This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| sanitize-html | `2.7.0 -> 2.11.0` | age | adoption | passing | confidence |
| sanitize-html | `2.8.1 -> 2.11.0` | age | adoption | passing | confidence |

Release Notes

apostrophecms/sanitize-html (sanitize-html)

### [`v2.11.0`](https://togithub.com/apostrophecms/sanitize-html/blob/HEAD/CHANGELOG.md#2110-2023-06-21)

[Compare Source](https://togithub.com/apostrophecms/sanitize-html/compare/2.10.0...2.11.0)

- Fix to allow `false` in `allowedClasses` attributes. Thanks to [Kevin Jiang](https://togithub.com/KevinSJ) for this fix!
- Upgrade mocha version
- Apply small linter fixes in tests
- Add `.idea` temp files to `.gitignore`
- Thanks to [Vitalii Shpital](https://togithub.com/VitaliiShpital) for the updates!
- Show parseStyleAttributes warning in browser only. Thanks to [mog422](https://togithub.com/mog422) for this update!
- Remove empty non-boolean attributes via an exhaustive, configurable list of known non-boolean attributes. [Thanks to Dylan Armstrong](https://togithub.com/dylanarmstrong) for this update!

### [`v2.10.0`](https://togithub.com/apostrophecms/sanitize-html/blob/HEAD/CHANGELOG.md#2100-2023-02-17)

[Compare Source](https://togithub.com/apostrophecms/sanitize-html/compare/2.9.0...2.10.0)

- Fix auto-adding escaped closing tags. In other words, do not add implied closing tags to disallowed tags when `disallowedTagMode` is set to any variant of `escape` -- just escape the disallowed tags that are present. This fixes [issue #464](https://togithub.com/apostrophecms/sanitize-html/issues/464). Thanks to [Daniel Liebner](https://togithub.com/dliebner)
- Add `tagAllowed()` helper function which takes a tag name and checks it against `options.allowedTags` and returns `true` if the tag is allowed and `false` if it is not.

### [`v2.9.0`](https://togithub.com/apostrophecms/sanitize-html/blob/HEAD/CHANGELOG.md#290-2023-01-27)

[Compare Source](https://togithub.com/apostrophecms/sanitize-html/compare/2.8.1...2.9.0)

- Add option parseStyleAttributes to skip style parsing. This fixes [issue #547](https://togithub.com/apostrophecms/sanitize-html/issues/547). Thanks to [Bert Verhelst](https://togithub.com/bertyhell).

### [`v2.8.1`](https://togithub.com/apostrophecms/sanitize-html/blob/HEAD/CHANGELOG.md#281-2022-12-21)

[Compare Source](https://togithub.com/apostrophecms/sanitize-html/compare/2.8.0...2.8.1)

- If the argument is a number, convert it to a string, for backwards compatibility. Thanks to [Alexander Schranz](https://togithub.com/alexander-schranz).

### [`v2.8.0`](https://togithub.com/apostrophecms/sanitize-html/blob/HEAD/CHANGELOG.md#280-2022-12-12)

[Compare Source](https://togithub.com/apostrophecms/sanitize-html/compare/2.7.3...2.8.0)

- Upgrades `htmlparser2` to new major version `^8.0.0`. Thanks to [Kedar Chandrayan](https://togithub.com/kedarchandrayan) for this contribution.

### [`v2.7.3`](https://togithub.com/apostrophecms/sanitize-html/blob/HEAD/CHANGELOG.md#273-2022-10-24)

[Compare Source](https://togithub.com/apostrophecms/sanitize-html/compare/2.7.2...2.7.3)

- If allowedTags is falsy but not exactly `false`, then do not assume that all tags are allowed. Rather, allow no tags in this case, to be on the safe side. This matches the existing documentation and fixes [issue #176](https://togithub.com/apostrophecms/sanitize-html/issues/176). Thanks to [Kedar Chandrayan](https://togithub.com/kedarchandrayan) for the fix.

### [`v2.7.2`](https://togithub.com/apostrophecms/sanitize-html/blob/HEAD/CHANGELOG.md#272-2022-09-15)

[Compare Source](https://togithub.com/apostrophecms/sanitize-html/compare/2.7.1...2.7.2)

- Closing tags must agree with opening tags. This fixes [issue #549](https://togithub.com/apostrophecms/sanitize-html/issues/549), in which closing tags not associated with any permitted opening tag could be passed through. No known exploit exists, but it's better not to permit this. Thanks to [Kedar Chandrayan](https://togithub.com/kedarchandrayan) for the report and the fix.

### [`v2.7.1`](https://togithub.com/apostrophecms/sanitize-html/blob/HEAD/CHANGELOG.md#271-2022-07-20)

[Compare Source](https://togithub.com/apostrophecms/sanitize-html/compare/2.7.0...2.7.1)

- Protocol-relative URLs are properly supported for script tags. Thanks to [paweljq](https://togithub.com/paweljq).
- A denial-of-service vulnerability has been fixed by replacing global regular expression replacement logic for comment removal with a new implementation. Thanks to Nariyoshi Chida of NTT Security Japan for pointing out the issue.

Configuration

📅 Schedule: Branch creation - "every weekday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.



This PR has been generated by Mend Renovate. View repository job log here.