Skip to content

DOMPurify 3.1.1
Compare
Choose a tag to compare
@cure53 cure53 released this 26 Apr 11:14
· 7 commits to 3.x since this release
3.1.1
7a0a984
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
  • Fixed an mXSS sanitiser bypass reported by @icesfont
  • Added new code to track element nesting depth
  • Added new code to enforce a maximum nesting depth of 255
  • Added coverage tests and necessary clobbering protections

Note that this is a security release and should be upgraded to immediately. Please also note that further releases may follow as the underlying vulnerability is apparently new and further variations may be discovered.

Contributors

icesfont
Assets 2