sanitize-html
Comparing version 2.5.1 to 2.5.2
# Changelog | ||
## 2.5.2 (2021-10-13): | ||
- Nullish HTML input now returns an empty string. Nullish value may be explicit `null`, `undefined` or implicit `undefined` when value is not provided. Thanks to Artem Kostiuk for the contribution. | ||
- Documented that all text content is escaped. Thanks to Siddharth Singh. | ||
## 2.5.1 (2021-09-14): | ||
@@ -4,0 +9,0 @@ - The `allowedScriptHostnames` and `allowedScriptDomains` options now implicitly purge the inline content of all script tags, not just those with `src` attributes. This behavior was already strongly implied by the fact that they purged it in the case where a `src` attribute was actually present, and is necessary for the feature to provide any real security. Thanks to Grigorii Duca for pointing out the issue. |
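Review bot: the 2.5.2 entry for nullish input does not say what the previous behaviour was, so a reader cannot tell whether this is a bug fix or a behaviour change for callers that relied on the old result; suggest adding one clause such as "previously X" to the first bullet. The entry is otherwise clear, and naming the covered inputs explicitly (`null`, `undefined`, and a missing argument) is good; note that it says nothing about other non-string inputs such as numbers or objects, so either scope the bullet to nullish values only (as it does) or add a second bullet if that behaviour was also touched.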
@@ -84,2 +84,6 @@ const htmlparser = require('htmlparser2'); | ||
function sanitizeHtml(html, options, _recursing) { | ||
if (html == null) { | ||
return ''; | ||
} | ||
let result = ''; | ||
@@ -86,0 +90,0 @@ // Used for hot swapping the result variable with an empty string in order to "capture" the text written to it. |
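Review bot: `if (html == null)` uses loose equality on purpose so that both `null` and `undefined` hit the early return, which is exactly what the changelog promises; add a one-line comment saying so, otherwise a later lint-driven change to `=== null` would silently reintroduce the `undefined` case. Also note the guard only covers nullish values: any other non-string (a number, an object) still falls through to the rest of `sanitizeHtml` and the parser, so the README should state the expected input type, or the guard should be paired with an explicit type check. Finally, the return happens before `options` are read and regardless of `_recursing`, which is fine for the empty-string result but worth confirming against the recursive call sites.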
{ | ||
"name": "sanitize-html", | ||
"version": "2.5.1", | ||
"version": "2.5.2", | ||
"description": "Clean up user-submitted HTML, preserving allowlisted elements and allowlisted attributes on a per-element basis", | ||
@@ -5,0 +5,0 @@ "sideEffects": false, |
@@ -24,2 +24,3 @@ # sanitize-html | ||
HTML comments are not preserved. | ||
Additionally, `sanitize-html` escapes _ALL_ text content - this means that ampersands, greater-than, and less-than signs are converted to their equivalent HTML character references (`&` --> `&`, `<` --> `<`, and so on). Additionally, in attribute values, quotation marks are escaped as well (`"` --> `"`). | ||
@@ -26,0 +27,0 @@ ## Requirements |
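Review bot: as displayed in this view the examples read `&` --> `&` and `<` --> `<`, with the same character on both sides of each arrow, so the reader cannot see what the text is converted to; check that the README source writes the character references (for example `&amp;`, `&lt;`, `&quot;`) in a form that survives markdown rendering, or spell them out in words. Two consecutive sentences start with "Additionally"; drop the first. The substance is the right thing to document: stating that text content is always escaped tells integrators they cannot rely on `sanitize-html` to pass raw text through and that attribute values are quote-escaped as well.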