Releases: xmldom/xmldom
0.7.5
0.7.4
0.7.3
0.7.2
0.7.1
0.7.0+scoped
Due to #271
this version was published as
- unscoped
xmldom
package to github only (git tags0.7.0
and0.7.0+unscoped
) - scoped
@xmldom/xmldom
package to npm (github release/tag0.7.0+scoped
)
For more details look at#278
Fixes:
- Security: Misinterpretation of malicious XML input
CVE-2021-32796
- Implement
Document.getElementsByClassName
as specified#213
, thank you @ChALkeR - Inherit namespace prefix from parent when required
#268
- Handle whitespace in closing tags
#267
- Update
DOMImplementation
according to recent specs#210
BREAKING CHANGE: Only if you "passed features to be marked as available as a constructor arguments" and expected it to "magically work". - No longer serializes any namespaces with an empty URI
#244
(related to#168
released in 0.6.0)
BREAKING CHANGE: Only if you rely on "unsetting" a namespace prefix by setting it to an empty string - Set
localName
as part ofDocument.createElement
#229
, thank you @rrthomas
CI
- We are now additionally running tests against node v16
- Stryker tests on the master branch now run against node v14
Docs
0.7.0
This is the release of the unscoped xmldom
package that was only ever published to github, not to npm due to #271
.
For the release of the scoped @xmldom/xmldom
package see 0.7.0-scoped
.
Fixes:
- Security: Misinterpretation of malicious XML input
CVE-2021-32796
- Implement
Document.getElementsByClassName
as specified#213
, thank you @ChALkeR - Inherit namespace prefix from parent when required
#268
- Handle whitespace in closing tags
#267
- Update
DOMImplementation
according to recent specs#210
BREAKING CHANGE: Only if you "passed features to be marked as available as a constructor arguments" and expected it to "magically work". - No longer serializes any namespaces with an empty URI
#244
(related to#168
released in 0.6.0)
BREAKING CHANGE: Only if you rely on "unsetting" a namespace prefix by setting it to an empty string - Set
localName
as part ofDocument.createElement
#229
, thank you @rrthomas
CI
- We are now additionally running tests against node v16
- Stryker tests on the master branch now run against node v14
Docs
0.6.0
0.5.0
Fixes
- Avoid misinterpretation of malicious XML input -
GHSA-h6q6-9hqw-rwfv
(CVE-2021-21366)-
Improve error reporting; throw on duplicate attribute
BREAKING CHANGE: It is currently not clear how to consistently deal with duplicate attributes, so it's also safer for our users to fail when detecting them.
It's possible to configure theDOMParser.errorHandler
before parsing, to handle those errors differently.To accomplish this and also be able to verify it in tests I needed to
- create a new
Error
typeParseError
and export it - Throw
ParseError
fromerrorHandler.fatalError
and prevent those from being caught inXMLReader
. - export
DOMHandler
constructor as__DOMHandler
- create a new
-
Preserve quotes in DOCTYPE declaration
Since the only purpose of parsing the DOCTYPE is to be able to restore it when serializing, we decided that it would be best to leave the parsedpublicId
andsystemId
as is, including any quotes.
BREAKING CHANGE: If somebody relies on the actual unquoted values of those ids, they will need to take care of either single or double quotes and the right escaping.
(Without this change this would not have been possible because the SAX parser already dropped the information about the quotes that have been used in the source.)https://www.w3.org/TR/2006/REC-xml11-20060816/#dtd
https://www.w3.org/TR/2006/REC-xml11-20060816/#IDAX1KS (External Entity Declaration)
-
- Fix breaking preprocessors' directives when parsing attributes
#171
- fix(dom): Escape
]]>
when serializing CharData#181
- Switch to (only) MIT license (drop problematic LGPL license option)
#178
- Export DOMException; remove custom assertions; etc.
#174
Docs
- Update MDN links in
readme.md
#188
0.4.0
Fixes
- BREAKING Restore
behavior from v0.1.27#67
- BREAKING Typecheck source param before parsing
#113
- Include documents in package files list
#156
- Preserve doctype with sysid
#144
- Remove ES6 syntax from getElementsByClassName
#91
- Revert "Add lowercase of åäö in entityMap" due to duplicate entries
#84
- fix: Convert all line separators to LF
#66
Docs
- Update CHANGELOG.md through version 0.3.0
#63
- Update badges
#78
- Add .editorconfig file
#104
- Add note about import
#79
- Modernize & improve the example in readme.md
#81
CI
- Add Stryker Mutator
#70
- Add Stryker action to update dashboard
#77
- Add Node GitHub action workflow
#64
- add & enable eslint
#106
- Use eslint-plugin-es5 to enforce ES5 syntax
#107
- Recover
vows
tests, dropproof
tests#59
- Add jest tessuite and first tests
#114
- Add jest testsuite with
xmltest
cases#112
- Configure Renovate
#108
- Test European HTML entities
#86
- Updated devDependencies