cure53/DOMPurify
DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo: https://cure53.de/purify
14.14k stars, 735 forks
issues
DOMPurify.removed isn't reporting inline scripts with arbitrary text afterwards
#988
Bengejd
closed
3 months ago
1
Allow SVG transfer function attributes
#987
Gigabyte5671
closed
3 months ago
1
DOMPurify.sanitize() leaves executable code
#986
pdelancie
closed
3 months ago
13
[bug] DomPurify hangs on indefinitely when using SAFE_FOR_TEMPLATES=true
#985
vicpara
closed
3 months ago
3
Incorrect remove of `feFunc*` attr
#984
RichardLuo0
closed
3 months ago
0
fix: typo in karma.custom-launchers.config.js
#983
christianhg
closed
4 months ago
1
DOM Purify Allows onfocus events
#982
agonvuniqi
closed
4 months ago
1
name='lang' Attribute Removed During Sanitization
#980
nitiponth
closed
4 months ago
1
Policy creator
#979
jmanico
closed
4 months ago
2
Getting 3.x branch ready for 3.1.6 release
#978
cure53
closed
4 months ago
0
build(deps): bump ws and socket.io-adapter
#977
dependabot[bot]
closed
5 months ago
0
MathML Content Markup Removed
#976
ghost
closed
5 months ago
2
build(deps): bump ws and socket.io
#975
dependabot[bot]
closed
5 months ago
0
feat(website): add lang attribute to declare language
#974
Rotzbua
closed
5 months ago
1
fix(typo): found by `codespell`
#973
Rotzbua
closed
5 months ago
1
feat(docs): add removed options
#972
Rotzbua
closed
5 months ago
1
<img> xss vulnerability
#971
Koleneko
closed
5 months ago
0
build(deps): bump braces from 3.0.2 to 3.0.3
#970
dependabot[bot]
closed
5 months ago
0
KEEP_CONTENT remove contents of all ALLOWED_TAGS
#969
Firioesa
closed
5 months ago
2
Issue secure dompurify@2.5.5 Apache-2.0 + Fair + MPL-2.0
#968
hero-oceansmart
closed
5 months ago
1
A code comment containing a tag name structure leads to removal of the entire block
#967
ArtemAvseenko
closed
5 months ago
2
The MAX_NESTING_DEPTH remove contents issue has not been resolved.
#966
kakao-bishop-cho
closed
6 months ago
3
Escape unsafe characters instead of removing them
#965
FlawTECH
closed
6 months ago
3
Getting 3.x branch ready for 3.1.5 release
#964
cure53
closed
6 months ago
0
MAX_NESTING_DEPTH remove contents issue
#963
kakao-bishop-cho
closed
6 months ago
5
HTML and BODY tags are being regardless of `ALLOWED_TAGS` settings
#962
secret-agent-B
closed
6 months ago
2
Bower issues : DOMPurify is not defined
#961
HakumenNC
closed
6 months ago
5
Getting 3.x branch ready for 3.1.4 release
#960
cure53
closed
6 months ago
0
Number.isNaN is not supported in MSIE
#958
tulach
closed
6 months ago
15
Allow Popover API attributes
#957
Gigabyte5671
closed
6 months ago
1
Documentation
#956
MortenHofft
closed
6 months ago
1
release 3.1.3 assets are the same as 3.1.2
#955
joebordes
closed
6 months ago
1
Latest versions of DOMPurify 2.5.x block custom SVG elements when they are set via ADD_TAGS config.
#954
kevinroast
closed
6 months ago
6
Exception when passing 0 or "" or null to Dompurify.Sanitize Method #947
#953
sgudishettys
closed
6 months ago
3
Why does name="name" on an input field get purified?
#952
halfmoonui
closed
6 months ago
1
Need to block external calls, e.g. all HTTP requests
#951
benbucksch
closed
5 months ago
7
Uncertain how to handle 'non-standard' HTML
#950
spaceemotion
closed
6 months ago
3
Use lower case for bower package name
#949
ZheSun88
closed
6 months ago
1
refac: refactoring nodeType by adding a NODE_TYPE object
#948
ssi02014
closed
6 months ago
3
Exception when passing 0 or "" or null to Dompurify.Sanitize Method
#947
sgudishettys
closed
6 months ago
2
when using bypasssecurityTrustHtml mthod to render template
#946
Mani9398
closed
7 months ago
3
Getting 3.x branch ready for 3.1.2 release
#945
cure53
closed
7 months ago
0
Getting 3.x branch ready for 3.1.1 release
#944
cure53
closed
7 months ago
0
Merging fixes covering nesting-based mXSS into 3.x branch
#943
cure53
closed
7 months ago
0
docs(README.md): correct hook name in example and remove misleading comment
#942
kyselberg
closed
7 months ago
1
fix: added __removalCount to account for nodes removed from parents w…
#941
icesfont
closed
7 months ago
0
fix: added __removalCount to account for nodes removed from parents w…
#940
icesfont
closed
7 months ago
0
DOMPurify and Trusted Types - Clarification to Docs
#939
cancan101
closed
7 months ago
9
Sanitize returns empty string when PARSER_MEDIA_TYPE: application/xhtml+xml and void tags
#938
lucamerighi
closed
7 months ago
4
How do I use the API provided by DomPurify to verify the SVG file is it risky?
#937
yfools
closed
7 months ago
1