dompurify
Advanced tools
Comparing version 0.4.0 to 0.4.2
| { | ||
| "name": "DOMPurify", | ||
| "version": "0.4", | ||
| "version": "0.4.2", | ||
| "homepage": "https://github.com/cure53/DOMPurify", | ||
@@ -5,0 +5,0 @@ "author": "Cure53 <info@cure53.de>", |
@@ -15,3 +15,3 @@ { | ||
| "description": "DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It's written in JavaScript and works in all modern browsers (Safari, Opera (15+), Internet Explorer (9+), Firefox and Chrome - as well as almost anything else using Blink or WebKit). DOMPurify is written by security people who have vast background in web attacks and XSS. Fear not.", | ||
| "version": "0.4.0", | ||
| "version": "0.4.2", | ||
| "main": "purify.js", | ||
@@ -18,0 +18,0 @@ "directories": { |
@@ -317,2 +317,5 @@ /* jshint boss: true */ | ||
| tmp, clobbering; | ||
| /* This needs to be extensive thanks to Webkit/Blink's behavior */ | ||
| var whitespace = /[\x00-\x20\xA0\u1680\u180E\u2000-\u2029\u205f\u3000]/g; | ||
@@ -344,3 +347,3 @@ /* Check if we have attributes; if not we might have a text node */ | ||
| /* Get rid of script and data URIs */ | ||
| && (!tmp.value.replace(/[\x00-\x20]/g,'').match(regex) | ||
| && (!tmp.value.replace(whitespace,'').match(regex) | ||
@@ -347,0 +350,0 @@ /* Keep image data URIs alive if src is allowed */ |
@@ -31,2 +31,8 @@ # DOMPurify | ||
| You can also grab the files straight from NPM: | ||
| ``` | ||
| npm install dompurify | ||
| ``` | ||
| ## Is there a demo? | ||
@@ -33,0 +39,0 @@ |
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is too big to display
Sorry, the diff of this file is not supported yet
No alert changes
Improved metrics
- Total package byte prevSize
- increased by0.55%
354656
- Lines of code
- increased by0.9%
2253
- Number of lines in readme file
- increased by6%
106
No dependency changes