dompurify 2.5.8 → 2.5.9
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +1 -1
- package/README.md +5 -3
- package/dist/purify.cjs.js +3 -3
- package/dist/purify.cjs.js.map +1 -1
- package/dist/purify.es.js +3 -3
- package/dist/purify.es.js.map +1 -1
- package/dist/purify.js +3 -3
- package/dist/purify.js.map +1 -1
- package/dist/purify.min.js +2 -2
- package/dist/purify.min.js.map +1 -1
- package/package.json +1 -1
package/dist/purify.js
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
/*! @license DOMPurify 2.5.
|
|
1
|
+
/*! @license DOMPurify 2.5.9 | (c) Cure53 and other contributors | Released under the Apache license 2.0 and Mozilla Public License 2.0 | github.com/cure53/DOMPurify/blob/2.5.9/LICENSE */
|
|
2
2
|
|
|
3
3
|
(function (global, factory) {
|
|
4
4
|
typeof exports === 'object' && typeof module !== 'undefined' ? module.exports = factory() :
|
|
@@ -287,7 +287,7 @@
|
|
|
287
287
|
* Version label, exposed for easier checks
|
|
288
288
|
* if DOMPurify is up to date or not
|
|
289
289
|
*/
|
|
290
|
-
DOMPurify.version = '2.5.
|
|
290
|
+
DOMPurify.version = '2.5.9';
|
|
291
291
|
|
|
292
292
|
/**
|
|
293
293
|
* Array of elements that DOMPurify removed during sanitation.
|
|
@@ -1194,7 +1194,7 @@
|
|
|
1194
1194
|
}
|
|
1195
1195
|
|
|
1196
1196
|
/* Work around a security issue with comments inside attributes */
|
|
1197
|
-
if (SAFE_FOR_XML && regExpTest(/((--!?|])>)|<\/(style|title)/i, value)) {
|
|
1197
|
+
if (SAFE_FOR_XML && regExpTest(/((--!?|])>)|<\/(style|script|title|xmp|textarea|noscript|iframe|noembed|noframes)/i, value)) {
|
|
1198
1198
|
_removeAttribute(name, currentNode);
|
|
1199
1199
|
continue;
|
|
1200
1200
|
}
|