DOMPurify

DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:

License: OTHER | Downloads: 28.1M | Stars: 12.8K | Committers: 108

DOMPurify - DOMPurify 3.1.2 Latest Release

Published by cure53 6 months ago

  • Addressed and fixed an mXSS variation found by @kevin-mizu
  • Addressed and fixed an mXSS variation found by Adam Kues of Assetnote
  • Updated tests for older Safari and Chrome versions

DOMPurify - DOMPurify 2.5.2

Published by cure53 6 months ago

  • Addressed and fixed an mXSS variation found by @kevin-mizu
  • Addressed and fixed an mXSS variation found by Adam Kues of Assetnote
  • Updated tests for older Safari and Chrome versions

DOMPurify - DOMPurify 3.1.1

Published by cure53 6 months ago

  • Fixed an mXSS sanitiser bypass reported by @icesfont
  • Added new code to track element nesting depth
  • Added new code to enforce a maximum nesting depth of 255
  • Added coverage tests and necessary clobbering protections

Note that this is a security release and should be upgraded to immediately. Please also note that further releases may follow as the underlying vulnerability is apparently new and further variations may be discovered.

DOMPurify - DOMPurify 2.5.1

Published by cure53 6 months ago

  • Fixed an mXSS sanitizer bypass reported by @icesfont
  • Added new code to track element nesting depth
  • Added new code to enforce a maximum nesting depth of 255
  • Added coverage tests and necessary clobbering protections

Note that this is a security release and should be upgraded to immediately. Please also note that further releases may follow as the underlying vulnerability is apparently new and further variations may be discovered.

DOMPurify - DOMPurify 3.1.0

Published by cure53 6 months ago

  • Added new setting SAFE_FOR_XML to enable better control over comment scrubbing
  • Updated README to warn about happy-dom not being safe for use with DOMPurify yet
  • Updated the LICENSE file to show the accurate year number
  • Updated several build and test dependencies

DOMPurify - DOMPurify 2.5.0

Published by cure53 6 months ago

  • Added new setting SAFE_FOR_XML to enable better control over comment scrubbing
  • Updated the LICENSE file to show the accurate year number
  • Updated several build and test dependencies

DOMPurify - DOMPurify 3.0.11

Published by cure53 7 months ago

  • Fixed another conditional bypass caused by Processing Instructions, thanks @Ry0taK
  • Fixed the regex for HTML Custom Element detection, thanks @AlekseySolovey3T

DOMPurify - DOMPurify 2.4.9

Published by cure53 7 months ago

  • Fixed another conditional bypass caused by Processing Instructions, thanks @Ry0taK
  • Fixed the regex for HTML Custom Element detection, thanks @AlekseySolovey3T

DOMPurify - DOMPurify 3.0.10

Published by cure53 7 months ago

  • Fixed two possible bypasses when sanitizing an XML document and later using it in HTML, thanks @Slonser
  • Bumped up some build and test dependencies

DOMPurify - DOMPurify 2.4.8

Published by cure53 7 months ago

  • Fixed two possible bypasses when sanitizing an XML document and later using it in HTML, thanks @Slonser

DOMPurify - DOMPurify 3.0.9

Published by cure53 8 months ago

  • Fixed a problem with proper detection of Custom Elements, thanks @kevin-mizu
  • Refactored the hasOwnProperty logic, thanks @ssi02014
  • Removed a superfluous console.warn making HappyDom happier, thanks @HugoPoi
  • Modernized some of the demo hooks for better looks, thanks @Steb95

DOMPurify - DOMPurify 3.0.8

Published by cure53 10 months ago

  • Fixed errors caused by conditional exports, thanks @ssi02014
  • Fixed a type error when working with custom element config, thanks @cpmotion

DOMPurify - DOMPurify 3.0.7

Published by cure53 10 months ago

  • Added better protection against CSPP attacks, thanks @kevin-mizu
  • Updated browser versions for automated tests
  • Updated Node versions for automated tests
  • Refactored code base, thanks @ssi02014
  • Refactored build system & deployment, thanks @ssi02014

DOMPurify - DOMPurify 3.0.6

Published by cure53 about 1 year ago

  • Refactored the core code-base and several utilities, thanks @ssi02014
  • Updated and fixed several sections of the README, thanks @ssi02014
  • Updated several outdated build and test dependencies

DOMPurify - DOMPurify 3.0.5

Published by cure53 over 1 year ago

  • Fixed a licensing issue spotted and reported by @george-thomas-hill
  • Updated several build and test dependencies

DOMPurify - DOMPurify 2.4.7

Published by cure53 over 1 year ago

  • Fixed a licensing issue spotted and reported by @george-thomas-hill

DOMPurify - DOMPurify 3.0.4

Published by cure53 over 1 year ago

  • Fixed a bypass in jsdom 22 in case the noframes element is permitted, thanks @leeN
  • Fixed a typo with shadowrootmod which should be shadowrootmode, thanks @masatokinugawa

DOMPurify - DOMPurify 2.4.6

Published by cure53 over 1 year ago

  • Fixed a bypass in jsdom 22 in case the noframes element is permitted, thanks @leeN

DOMPurify - DOMPurify 3.0.3

Published by cure53 over 1 year ago

  • Added new TRUSTED_TYPES_POLICY configuration option, thanks @dejang
  • Added feDropShadow to the SVG filter allow-list, thanks @SelfMadeSystem