Doesnt support strike tag in whitelist for typescript

leizongmin / js-xss

Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whitelist

http://jsxss.com

Other

5.19k stars 630 forks source link

Closed mixalbl4-127 closed 3 years ago

mixalbl4-127 commented 3 years ago

leizongmin commented 3 years ago

I have published a new version xss@1.0.9 including the following changes:

Fix whitespace bypass #218 by @TomAnthony
Add <summary> to default whitelist #216 by @spacegaier
Add <figure> and <figcaption> to default whitelist by @daraz999
Add <audio crossorigin muted>, <video crossorigin muted playsinline poster> to default whitelist
Add <strike> to default whitelist
Fix: typings IWhiteList allow any tag name
Fix: typings onTag options