Changelog
v0.12.4 (2023-11-17)
Changelog
v0.12.3 (2023-11-17)
Changelog
v0.12.2 (2023-09-08)
Changelog
v0.12.1 (2023-09-07)
@lexical/utils
(#4923) RajatChangelog
v0.12.0 (2023-08-09)
SELECT_ALL_COMMAND
(#4818) Chris MontroisChangelog
v0.11.3 (2023-07-18)
Changelog
v0.11.2 (2023-07-11)
AutocompleteNode.clone()
(#4592) Scott DriggersChangelog
0.11.1 (2023-05-26)
Changelog
0.11.0 (2023-05-23)
Changelog
0.10.0 (2023-04-18)
@lexical/link will now sanitize anchor tag hrefs before rendering them to the DOM. This provides a measure of protection against XSS attacks that rely on inlining javascript in that attribute. However, it means that links using less common protocols will now be sanitized (converted to about:blank), which will be a breaking change for any existing links.
Like most other node-based logic in Lexical, the sanitization logic can be overriden by overriding LinkNode using the Node Overrides API and replacing it with a node that implements the sanitizeUrl method differently.
Fixes CVE-2023-30792