• Addressed and fixed a mXSS variation found by @kevin-mizu
• Addressed and fixed a mXSS variation found by Adam Kues of Assetnote
• Updated tests for older Safari and Chrome versions

• Addressed and fixed a mXSS variation found by @kevin-mizu
• Addressed and fixed a mXSS variation found by Adam Kues of Assetnote
• Updated tests for older Safari and Chrome versions

• Fixed an mXSS sanitiser bypass reported by @icesfont
• Added new code to track element nesting depth
• Added new code to enforce a maximum nesting depth of 255
• Added coverage tests and necessary clobbering protections

Note that this is a security release and should be upgraded to immediately. Please also note that further releases may follow as the underlying vulnerability is apparently new and further variations may be discovered.

• Fixed an mXSS sanitizer bypass reported by @icesfont
• Added new code to track element nesting depth
• Added new code to enforce a maximum nesting depth of 255
• Added coverage tests and necessary clobbering protections

Note that this is a security release and should be upgraded to immediately. Please also note that further releases may follow as the underlying vulnerability is apparently new and further variations may be discovered.

• Added new setting SAFE_FOR_XML to enable better control over comment scrubbing
• Updated README to warn about happy-dom not being safe for use with DOMPurify yet
• Updated the LICENSE file to show the accurate year number
• Updated several build and test dependencies

• Added new setting SAFE_FOR_XML to enable better control over comment scrubbing
• Updated the LICENSE file to show the accurate year number
• Updated several build and test dependencies

• Fixed another conditional bypass caused by Processing Instructions, thanks @Ry0taK
• Fixed the regex for HTML Custom Element detection, thanks @AlekseySolovey3T

• Fixed another conditional bypass caused by Processing Instructions, thanks @Ry0taK
• Fixed the regex for HTML Custom Element detection, thanks @AlekseySolovey3T

• Fixed two possible bypasses when sanitizing an XML document and later using it in HTML, thanks @Slonser
• Bumped up some build and test dependencies

• Fixed two possible bypasses when sanitizing an XML document and later using it in HTML, thanks @Slonser