dompurify 3.0.3 → 3.0.5

package/dist/purify.es.js

@@ -1,4 +1,4 @@
-/*! @license DOMPurify 3.0.3 | (c) Cure53 and other contributors | Released under the Apache license 2.0 and Mozilla Public License 2.0 | github.com/cure53/DOMPurify/blob/3.0.3/LICENSE */
+/*! @license DOMPurify 3.0.5 | (c) Cure53 and other contributors | Released under the Apache license 2.0 and Mozilla Public License 2.0 | github.com/cure53/DOMPurify/blob/3.0.5/LICENSE */
 
 const {
   entries,
@@ -253,7 +253,7 @@ function createDOMPurify() {
    */
 
 
-  DOMPurify.version = '3.0.3';
+  DOMPurify.version = '3.0.5';
   /**
    * Array of elements that DOMPurify removed during sanitation.
    * Empty if nothing was removed.
@@ -1062,10 +1062,10 @@ function createDOMPurify() {
 
       return true;
     }
-    /* Make sure that older browsers don't get noscript mXSS */
+    /* Make sure that older browsers don't get fallback-tag mXSS */
 
 
-    if ((tagName === 'noscript' || tagName === 'noembed') && regExpTest(/<\/no(script|embed)/i, currentNode.innerHTML)) {
+    if ((tagName === 'noscript' || tagName === 'noembed' || tagName === 'noframes') && regExpTest(/<\/no(script|embed|frames)/i, currentNode.innerHTML)) {
       _forceRemove(currentNode);
 
       return true;
@@ -1483,7 +1483,7 @@ function createDOMPurify() {
         returnNode = body;
       }
 
-      if (ALLOWED_ATTR.shadowroot || ALLOWED_ATTR.shadowrootmod) {
+      if (ALLOWED_ATTR.shadowroot || ALLOWED_ATTR.shadowrootmode) {
         /*
           AdoptNode() is not used because internal state is not reset
           (e.g. the past names map of a HTMLFormElement), this is safe