DOMPurify

• Fixed an issue with ALLOWED_URI_REGEXP not being reset, thanks @mukilane
• Added mprescripts tag to allowed MathML elements, thanks @duyhai94
• Added SMS URI scheme to allowed URI schemes, tanks @Kiwka
• Updated supported browser versions for nicer code and smaller size, thanks @buzinas

• Fixed a problem with improper reset of custom HTML options, thanks @ammaraskar

• Fixed a problem with improper reset of custom HTML options, thanks @ammaraskar

• Removed all code that is for MSIE-only
• Removed all tests that are for MSIE-only
• Modified documentation to reflect new state of MSIE support
• Added support for ALLOW_SELF_CLOSE_IN_ATTR flag, thanks @edg2s @AndreVirtimo
• Added better support for shadowrootmode, thanks @mfreed7

NOTE Please use the 2.4.4 release if you still need MSIE support, 3.0.0 comes without the MSIE overhead

• Added support for ALLOW_SELF_CLOSE_IN_ATTR flag, thanks @edg2s @AndreVirtimo
• Added better support for shadowrootmode, thanks @mfreed7

• Final release that is compatible with MSIE10 & MSIE 11

• Fixed a Trusted Types sink violation with empty input and NAMESPACE , thanks @tosmolka
• Fixed a Prototype Pollution issue discovered and reported by @kevin-mizu

• Added new config option ALLOWED_NAMESPACES for better XML handling, thanks @kevin-deyoungster @tosmolka
• Added better detection of template literals when SAFE_FOR_TEMPLATES is true
• Fixed an exception caused by DOM clobbering, thanks @masatokinugawa
• Bumped some dependencies, thanks @marcpenya-tf

• Removed bundled types again as they caused too much trouble

• Fixed an issue in 2.3.11 causing errors w. TypeScript, see #712, thanks @Mirco469, @brentkeller, @aryanisml

• Added generated type definitions for better compatibility
• Added SANITIZE_NAMED_PROPS config option, thanks @SoheilKhodayari
• Updated README and config documentation, thanks @0xedward
• Updated test suite with newer Node versions

• Added support for sanitization of attributes requiring Trusted Types, thanks @tosmolka

• Made TAG and ATTR config options case-sensitive when parsing XHTML, thanks @tosmolka
• Bumped some dependencies, thanks @is2ei
• Included github-actions in the dependabot config, thanks @nathannaveen

• Cleaned up a minor issue with the 2.3.7 release, thanks @johnbirds

No other changes compared to 2.3.7 release, which entail:

• Fixes around a bug in Safari, thanks @sybrew
• Slightly improved performance, thanks @tiny-ben-tran
• Lots of chores, bumps and typo fixes, thanks @is2ei
• Removed unnecessary string trimming, thanks @christopherehlen

• Added an option to allow HTML5 doctypes, thanks @tosmolka
• Bumped several dependencies, thanks @is2ei
• Updated documentation to cover recently added flags, thanks @is2ei

• Performed several chores and cleanups, thanks @is2ei
• Fixed a bug when working with Trusted Types, thanks @tosmolka
• Fixed a bug with weird behavior on insecure nodes in IN_PLACE mode, thanks @tosmolka
• Added more SVG attributes to allow-list, thanks @rzhade3

• Added support for Custom Elements, thanks @franktopel
• Added new config settings to control Custom Element sanitizing, thanks @franktopel
• Added faster clobber checks, thanks @GrantGryczan
• Allow-listed SVG feImage elements, thanks @ydaniv
• Updated test suite
• Update supported Node versions
• Updated README

• Fixed a bug in the handing of PARSER_MEDIA_TYPE spotted by @securitum-mb
• Adjusted the tests for MSIE to make sure the results are as expected now

• Added new config option PARSER_MEDIA_TYPE, thanks @tosmolka

• Added code to make FORBID_CONTENTS setting configurable
• Added role to URI-safe attributes
• Added more paranoid handling for template elements