dompurify
Comparing version 0.4.0 to 0.4.2
{ | ||
"name": "DOMPurify", | ||
"version": "0.4", | ||
"version": "0.4.2", | ||
"homepage": "https://github.com/cure53/DOMPurify", | ||
@@ -5,0 +5,0 @@ "author": "Cure53 <info@cure53.de>", |
@@ -15,3 +15,3 @@ { | ||
"description": "DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It's written in JavaScript and works in all modern browsers (Safari, Opera (15+), Internet Explorer (9+), Firefox and Chrome - as well as almost anything else using Blink or WebKit). DOMPurify is written by security people who have vast background in web attacks and XSS. Fear not.", | ||
"version": "0.4.0", | ||
"version": "0.4.2", | ||
"main": "purify.js", | ||
@@ -18,0 +18,0 @@ "directories": { |
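Review bot: the version string is maintained by hand in two manifests, and the removed lines show they had already drifted: the first file carried "version": "0.4" while this one carried "version": "0.4.0". Both now read "0.4.2", but nothing visible here keeps them aligned on the next release. Suggest a release step that fails when the two manifests disagree, or deriving one from the other.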
@@ -317,2 +317,5 @@ /* jshint boss: true */ | ||
tmp, clobbering; | ||
/* This needs to be extensive thanks to Webkit/Blink's behavior */ | ||
var whitespace = /[\x00-\x20\xA0\u1680\u180E\u2000-\u2029\u205f\u3000]/g; | ||
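Review bot: the character class in `whitespace` leaves out U+202F and U+FEFF, both of which ECMAScript's `\s` matches, while the comment directly above says the list needs to be extensive. Either add them or extend the comment to state which code points WebKit/Blink are known to ignore and why these two are excluded, so a later reader can tell whether the list is complete. The `g` flag on a shared regex is fine for `.replace()`, but it would make `.test()` or `.exec()` stateful through `lastIndex` if the variable is ever reused that way, which deserves a short comment.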
@@ -344,3 +347,3 @@ /* Check if we have attributes; if not we might have a text node */ | ||
/* Get rid of script and data URIs */ | ||
&& (!tmp.value.replace(/[\x00-\x20]/g,'').match(regex) | ||
&& (!tmp.value.replace(whitespace,'').match(regex) | ||
@@ -347,0 +350,0 @@ /* Keep image data URIs alive if src is allowed */ |
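Review bot: in the changed condition the stripped copy of `tmp.value` is used only for the `.match(regex)` test, so the keep-or-remove decision now depends entirely on `whitespace` covering every character the browser drops before it reads the URI scheme. The replaced `[\x00-\x20]` class shows how easy that is to undershoot. Suggest a comment on this line stating that assumption, plus a regression case for each range in the class. The neighbouring name `regex` is also too generic next to `whitespace`; a name that says what it matches would make this condition easier to audit.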
@@ -31,2 +31,8 @@ # DOMPurify | ||
You can also grab the files straight from NPM: | ||
``` | ||
npm install dompurify | ||
``` | ||
## Is there a demo? | ||
@@ -33,0 +39,0 @@ |
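Review bot: the added install line uses the name `dompurify`, while the first manifest in this diff declares "name": "DOMPurify". Please confirm the README matches the name the package is actually published under on NPM, since a reader who copies this command gets whatever is registered under the lowercase name.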
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is too big to display