Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

sanitize-html

Package Overview
Dependencies
Maintainers
13
Versions
114
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

sanitize-html - npm Package Compare versions

Comparing version 2.5.1 to 2.5.2

5

CHANGELOG.md
# Changelog
## 2.5.2 (2021-10-13):
- Nullish HTML input now returns an empty string. Nullish value may be explicit `null`, `undefined` or implicit `undefined` when value is not provided. Thanks to Artem Kostiuk for the contribution.
- Documented that all text content is escaped. Thanks to Siddharth Singh.
## 2.5.1 (2021-09-14):

@@ -4,0 +9,0 @@ - The `allowedScriptHostnames` and `allowedScriptDomains` options now implicitly purge the inline content of all script tags, not just those with `src` attributes. This behavior was already strongly implied by the fact that they purged it in the case where a `src` attribute was actually present, and is necessary for the feature to provide any real security. Thanks to Grigorii Duca for pointing out the issue.

4

index.js

@@ -84,2 +84,6 @@ const htmlparser = require('htmlparser2');

function sanitizeHtml(html, options, _recursing) {
if (html == null) {
return '';
}
let result = '';

@@ -86,0 +90,0 @@ // Used for hot swapping the result variable with an empty string in order to "capture" the text written to it.

2

package.json
{
"name": "sanitize-html",
"version": "2.5.1",
"version": "2.5.2",
"description": "Clean up user-submitted HTML, preserving allowlisted elements and allowlisted attributes on a per-element basis",

@@ -5,0 +5,0 @@ "sideEffects": false,

@@ -24,2 +24,3 @@ # sanitize-html

HTML comments are not preserved.
Additionally, `sanitize-html` escapes _ALL_ text content - this means that ampersands, greater-than, and less-than signs are converted to their equivalent HTML character references (`&` --> `&amp;`, `<` --> `&lt;`, and so on). Additionally, in attribute values, quotation marks are escaped as well (`"` --> `&quot;`).

@@ -26,0 +27,0 @@ ## Requirements

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc