DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:
OTHER License
Published by cure53 over 1 year ago
ALLOWED_URI_REGEXP not being reset, thanks @mukilane
mprescripts tag to allowed MathML elements, thanks @duyhai94
Published by cure53 over 1 year ago
ALLOW_SELF_CLOSE_IN_ATTR flag, thanks @edg2s @AndreVirtimo
shadowrootmode, thanks @mfreed7
NOTE Please use the 2.4.4 release if you still need MSIE support, 3.0.0 comes without the MSIE overhead
Published by cure53 over 1 year ago
ALLOW_SELF_CLOSE_IN_ATTR flag, thanks @edg2s @AndreVirtimo
shadowrootmode, thanks @mfreed7
Published by cure53 almost 2 years ago
ALLOWED_NAMESPACES for better XML handling, thanks @kevin-deyoungster @tosmolka
SAFE_FOR_TEMPLATES is true
Published by cure53 about 2 years ago
Published by cure53 over 2 years ago
No other changes compared to 2.3.7 release, which entail:
Published by cure53 over 2 years ago
Published by cure53 almost 3 years ago
feImage elements, thanks @ydaniv
Published by cure53 about 3 years ago
PARSER_MEDIA_TYPE spotted by @securitum-mb
Published by cure53 about 3 years ago
PARSER_MEDIA_TYPE, thanks @tosmolka
Published by cure53 about 3 years ago
FORBID_CONTENTS setting configurable
role to URI-safe attributes