leizongmin
commented
6 years ago I am very sorry for such mistakes. I have merged this pull request and published the new version xss@1.0.3. Thanks.
Closed Asvarox closed 6 years ago
leizongmin
commented
6 years ago I am very sorry for such mistakes. I have merged this pull request and published the new version xss@1.0.3. Thanks.
l9c
commented
6 years ago Commit 7ecfb03 is missing in the xss@1.0.3 released files. Please fix it. Thanks
leizongmin
commented
6 years ago @l9c I just checked the npm i xss@1.0.3 and I am sure this commit is already included. Maybe that is another problem with you?
l9c
commented
6 years ago @leizongmin That's weird! I've checked the file https://github.com/leizongmin/js-xss/archive/v1.0.3.zip again, please see dist/xss.js line 453
see the archive file submitted to VirusTotal
It seems that the npm package is not consistent with github/bower
Thanks for the reply.
leizongmin
commented
6 years ago @l9c
I found the problem is the v1.0.3 tag was on a wrong commit, and now I've fixed this.
Please try again? (I am very sorry)
l9c
commented
6 years ago @leizongmin It's OK now. Thanks! BTW: cache clean is required before reinstalling with bower.
This fixes code added in https://github.com/leizongmin/js-xss/commit/723b307a32541044e4f4dcbb260c34b3168e87f2 which causes #140
I didn't commit built version because that'd could be a chance for me to put nasty code in the minified file without anybody noticing :) .