sanitize-html - npm Package Compare versions

Comparing version 1.2.3 to 1.3.0

13

index.js

@@ -10,5 +10,6 @@ var htmlparser = require('htmlparser2');

function Frame(tag) {
function Frame(tag, attribs) {
var that = this;
this.tag = tag;
this.attribs = attribs || {};
this.tagPosition = result.length;

@@ -82,3 +83,3 @@ this.text = ''; // Node inner text

onopentag: function(name, attribs) {
var frame = new Frame(name);
var frame = new Frame(name, attribs);
stack.push(frame);

@@ -90,5 +91,5 @@

attribs = transformedTag.attribs;
frame.attribs = attribs = transformedTag.attribs;
if (name !== transformedTag.tagName) {
name = transformedTag.tagName;
frame.name = name = transformedTag.tagName;
transformMap[depth] = transformedTag.tagName;

@@ -116,2 +117,3 @@ }

if (naughtyHref(value)) {
delete frame.attribs[a];
return;

@@ -123,2 +125,3 @@ }

if (!value.length) {
delete frame.attribs[a];
return;

@@ -136,2 +139,4 @@ }

}
} else {
delete frame.attribs[a];
}

@@ -138,0 +143,0 @@ });
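Review bot: The transformTags branch writes `frame.name = name = transformedTag.tagName;`, but the Frame constructor in the first hunk stores the tag name as `this.tag`, not `name`, so after a transform `frame.tag` still holds the pre-transform element name while the new `frame.attribs` holds the post-transform attributes, and an exclusiveFilter that keys on `frame.tag` is handed the wrong element. The line should be `frame.tag = name = transformedTag.tagName;`. A second point deserves a comment rather than a code change: `this.attribs = attribs || {}` keeps the parser's own attribs object rather than a copy, so the `delete frame.attribs[a]` calls in the later hunks also remove keys from the `attribs` object the surrounding attribute loop is presumably iterating; that looks intended (the filter should only see attributes that survived sanitization), but a note such as `// frame.attribs aliases attribs: deletions here are what exclusiveFilter sees` would make the aliasing explicit. The enclosing onopentag handler begins at the second hunk and continues outside these hunks.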

{
"name": "sanitize-html",
"version": "1.2.3",
"version": "1.3.0",
"description": "Clean up user-submitted HTML, preserving whitelisted elements and whitelisted attributes on a per-element basis",

@@ -5,0 +5,0 @@ "main": "index.js",

@@ -130,2 +130,9 @@ # sanitize-html

The `frame` object supplied to the callback provides the following attributes:
- `tag`: The tag name, i.e. `'img'`.
- `attribs`: The tag's attributes, i.e. `{ src: "/path/to/tux.png" }`.
- `text`: The text content of the tag.
- `tagPosition`: The index of the tag's position in the result string.
### Allowed CSS Classes

@@ -168,2 +175,4 @@

1.3.0: `attribs` now available on frames passed to exclusive filter.
1.2.3: fixed another possible XSS attack vector; no definitive exploit was found but it looks possible. [See this issue.](https://github.com/punkave/sanitize-html/pull/20) Thanks to Jim O'Brien.

@@ -170,0 +179,0 @@
