issues
search
cure53
/
DOMPurify
DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:
https://cure53.de/purify
Other
13.25k
stars
687
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
name='lang' Attribute Removed During Sanitization
#980
nitiponth
closed
1 hour ago
1
Policy creator
#979
jmanico
opened
3 days ago
1
Getting 3.x branch ready for 3.1.6 release
#978
cure53
closed
3 days ago
0
build(deps): bump ws and socket.io-adapter
#977
dependabot[bot]
closed
6 days ago
0
MathML Content Markup Removed
#976
HaluanUskoa
closed
2 weeks ago
2
build(deps): bump ws and socket.io
#975
dependabot[bot]
closed
2 weeks ago
0
feat(website): add lang attribute to declare language
#974
Rotzbua
closed
2 weeks ago
1
fix(typo): found by `codespell`
#973
Rotzbua
closed
2 weeks ago
1
feat(docs): add removed options
#972
Rotzbua
closed
2 weeks ago
1
<img> xss vulnerability
#971
Koleneko
closed
2 weeks ago
0
build(deps): bump braces from 3.0.2 to 3.0.3
#970
dependabot[bot]
closed
2 weeks ago
0
KEEP_CONTENT remove contents of all ALLOWED_TAGS
#969
Firioesa
closed
3 weeks ago
2
Issue secure dompurify@2.5.5 Apache-2.0 + Fair + MPL-2.0
#968
hero-oceansmart
closed
1 month ago
1
A code comment containing a tag name structure leads to removal of the entire block
#967
ArtemAvseenko
closed
1 month ago
2
The MAX_NESTING_DEPTH remove contents issue has not been resolved.
#966
kakao-bishop-cho
closed
1 month ago
3
Escape unsafe characters instead of removing them
#965
FlawTECH
closed
1 month ago
3
Getting 3.x branch ready for 3.1.5 release
#964
cure53
closed
1 month ago
0
MAX_NESTING_DEPTH remove contents issue
#963
kakao-bishop-cho
closed
1 month ago
5
HTML and BODY tags are being regardless of `ALLOWED_TAGS` settings
#962
secret-agent-B
closed
1 month ago
2
Bower issues : DOMPurify is not defined
#961
HakumenNC
closed
1 month ago
5
Getting 3.x branch ready for 3.1.4 release
#960
cure53
closed
1 month ago
0
Pul
#959
snmb22
closed
1 month ago
0
Number.isNaN is not supported in MSIE
#958
tulach
closed
1 month ago
15
Allow Popover API attributes
#957
Gigabyte5671
closed
1 month ago
1
Documentation
#956
MortenHofft
closed
1 month ago
1
release 3.1.3 assets are the same as 3.1.2
#955
joebordes
closed
1 month ago
1
Latest versions of DOMPurify 2.5.x block custom SVG elements when they are set via ADD_TAGS config.
#954
kevinroast
closed
1 month ago
6
Exception when passing 0 or "" or null to Dompurify.Sanitize Method #947
#953
sgudishettys
closed
1 month ago
3
Why does name="name" on an input field get purified?
#952
halfmoonui
closed
2 months ago
1
Need to block external calls, e.g. all HTTP requests
#951
benbucksch
closed
1 month ago
7
Uncertain how to handle 'non-standard' HTML
#950
spaceemotion
closed
2 months ago
3
Use lower case for bower package name
#949
ZheSun88
closed
2 months ago
1
refac: refactoring nodeType by adding a NODE_TYPE object
#948
ssi02014
closed
2 months ago
3
Exception when passing 0 or "" or null to Dompurify.Sanitize Method
#947
sgudishettys
closed
2 months ago
2
when using bypasssecurityTrustHtml mthod to render template
#946
Mani9398
closed
2 months ago
3
Getting 3.x branch ready for 3.1.2 release
#945
cure53
closed
2 months ago
0
Getting 3.x branch ready for 3.1.1 release
#944
cure53
closed
2 months ago
0
Merging fixes covering nesting-based mXSS into 3.x branch
#943
cure53
closed
2 months ago
0
docs(README.md): correct hook name in example and remove misleading comment
#942
kyselberg
closed
2 months ago
1
fix: added __removalCount to account for nodes removed from parents w…
#941
icesfont
closed
2 months ago
0
fix: added __removalCount to account for nodes removed from parents w…
#940
icesfont
closed
2 months ago
0
DOMPurify and Trusted Types - Clarification to Docs
#939
cancan101
closed
2 months ago
9
Sanitize returns empty string when PARSER_MEDIA_TYPE: application/xhtml+xml and void tags
#938
lucamerighi
closed
2 months ago
4
How do I use the API provided by DomPurify to verify the SVG file is it risky?
#937
yfools
closed
3 months ago
1
docs: Updated the year in LICENSE file
#936
cure53
closed
3 months ago
0
New release v3.1.0 (not in releases)
#935
ghost
closed
3 months ago
1
Getting 3.x branch ready for 3.1.0 release
#934
cure53
closed
3 months ago
0
Sanitization Issue with DomPurify
#933
tommy888883
closed
3 months ago
3
Sanitization Issue: Comments Removed Despite ADD_TAGS Configuration
#932
agnijalam
closed
3 months ago
8
Fix for bug in demo hooks-sanitize-css-demo.html
#931
koosvanderkolk
closed
3 months ago
3
Next