dompurify
Comparing version 0.4.4 to 0.4.5
{ | ||
"name": "DOMPurify", | ||
"version": "0.4.4", | ||
"version": "0.4.5", | ||
"homepage": "https://github.com/cure53/DOMPurify", | ||
@@ -5,0 +5,0 @@ "author": "Cure53 <info@cure53.de>", |
@@ -15,3 +15,3 @@ { | ||
"description": "DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It's written in JavaScript and works in all modern browsers (Safari, Opera (15+), Internet Explorer (9+), Firefox and Chrome - as well as almost anything else using Blink or WebKit). DOMPurify is written by security people who have vast background in web attacks and XSS. Fear not.", | ||
"version": "0.4.4", | ||
"version": "0.4.5", | ||
"main": "purify.js", | ||
@@ -18,0 +18,0 @@ "directories": { |
@@ -347,6 +347,6 @@ /* jshint boss: true */ | ||
if(tmp.name === 'id' | ||
&& (window[tmp.value] || document[tmp.value])) { | ||
&& (tmp.value in window || tmp.value in document)) { | ||
clobbering = true; | ||
} | ||
if(tmp.name === 'name' && document[tmp.value]){ | ||
if(tmp.name === 'name' && tmp.value in document){ | ||
clobbering = true; | ||
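Review bot: the `name` branch tests only `tmp.value in document`, while the `id` branch tests both `window` and `document`. If that asymmetry is deliberate, a comment should say why; otherwise add `tmp.value in window` to the `name` check so both attributes are screened the same way. The `in` operator is also broader than the old truthiness test: it matches properties whose current value is falsy and properties inherited through the prototype chain, so a one-line comment stating that this wider match is intended for clobbering detection would help the next reader.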
@@ -407,2 +407,5 @@ } | ||
if(typeof document.implementation.createHTMLDocument === 'undefined') { | ||
if (window.toStaticHTML !== 'undefined' && typeof dirty === 'string') { | ||
return window.toStaticHTML(dirty); | ||
} | ||
return dirty; | ||
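Review bot: the guard `window.toStaticHTML !== 'undefined'` is missing `typeof`, so it compares the property itself with the string 'undefined' and is true whether or not the function exists. In a browser that has neither `createHTMLDocument` nor `toStaticHTML`, a string input then reaches `window.toStaticHTML(dirty)` and throws a TypeError instead of falling through. Suggest `typeof window.toStaticHTML === 'function' && typeof dirty === 'string'`. The remaining `return dirty;` still hands back the input unsanitized on that path, which deserves a comment or a documented note so callers know the fallback is a pass-through.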
@@ -409,0 +412,0 @@ } |
@@ -5,3 +5,3 @@ # DOMPurify | ||
DOMPurify is written by security people who have vast background in web attacks and XSS. Fear not. | ||
DOMPurify is written by security people who have vast background in web attacks and XSS. Fear not. For more details please also read about our [Security Goals & Threat Model](https://github.com/cure53/DOMPurify/wiki/Security-Goals-&-Threat-Model) | ||
@@ -34,3 +34,4 @@ ## What does it do? | ||
You can also grab the files straight from NPM: | ||
You can also grab the files straight from NPM: | ||
_(Note: DOMPurify [doesn't work in Node.js yet](https://github.com/cure53/DOMPurify/issues/29), but runs fine with [Browserify](http://browserify.org/).)_ | ||
@@ -108,2 +109,8 @@ ``` | ||
## Security Mailing List | ||
We maintain a mailing list that notifies whenever a security-critical release of DOMPurify was published. This means, if someone found a bypass and we fixed it with a release (which always happens when a bypass was found) a mail will go out to that list. This usually happens within minutes or few hours after learning about a bypass. The list can be subscribed to here: | ||
[https://lists.ruhr-uni-bochum.de/mailman/listinfo/dompurify-security](https://lists.ruhr-uni-bochum.de/mailman/listinfo/dompurify-security) | ||
## What's on the road-map? | ||
@@ -110,0 +117,0 @@ |
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is too big to display