sanitize-html - npm Package Compare versions

Comparing version 1.5.2 to 1.5.3

index.js

		@@ -165,3 +165,8 @@ var htmlparser = require('htmlparser2');
		}
		result += escapeHtml(text);
		var tag = stack[stack.length-1] && stack[stack.length-1].tag;
		if (_.has(nonTextTagsMap, tag)) {
		result += text;
		} else {
		result += escapeHtml(text);
		}
		if (stack.length) {
		@@ -168,0 +173,0 @@ var frame = stack[stack.length - 1];

package.json

		{
		"name": "sanitize-html",
		"version": "1.5.2",
		"version": "1.5.3",
		"description": "Clean up user-submitted HTML, preserving whitelisted elements and whitelisted attributes on a per-element basis",
		@@ -5,0 +5,0 @@ "main": "index.js",

README.md

		@@ -192,2 +192,4 @@ # sanitize-html

		1.5.3: do not escape special characters inside a script or style element, if they are allowed. This is consistent with the way browsers parse them; nothing closes them except the appropriate closing tag for the entire element. Of course, this only comes into play if you actually choose to allow those tags. Thanks to aletorrado.

		1.5.2: guard checks for allowed attributes correctly to avoid an undefined property error. Thanks to Zeke.
		@@ -194,0 +196,0 @@

test/test.js

		@@ -324,2 +324,14 @@ var assert = require("assert");
		});
		it('should not escape inner content from non-text tags (when allowed)', function() {
		assert.equal(
		sanitizeHtml('<div>"normal text"</div><script>"this is code"</script>', {
		allowedTags: [ 'script' ]
		}), '"normal text"<script>"this is code"</script>'
		);
		assert.equal(
		sanitizeHtml('<div>"normal text"</div><style>body { background-image: url("image.test"); }</style>', {
		allowedTags: [ 'style' ]
		}), '"normal text"<style>body { background-image: url("image.test"); }</style>'
		);
		});
		});

LICENSE

Sorry, the diff of this file is not supported yet

New alerts