sanitize-html - npm Package Compare versions

Comparing version 2.7.1 to 2.7.2

index.js

@@ -524,2 +524,10 @@ const htmlparser = require('htmlparser2');
       }
+
+      if (frame.tag !== name) {
+        // Another case of bad markup.
+        // Push to stack, so that it will be used in future closing tags.
+        stack.push(frame);
+        return;
+      }
+
       skipText = options.enforceHtmlBoundary ? name === 'html' : false;
@@ -526,0 +534,0 @@ depth--;

package.json

 {
   "name": "sanitize-html",
-  "version": "2.7.1",
+  "version": "2.7.2",
   "description": "Clean up user-submitted HTML, preserving allowlisted elements and allowlisted attributes on a per-element basis",
@@ -5,0 +5,0 @@ "sideEffects": false,

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

53003

increased by0.37%

Lines of code

766

increased by0.79%

Worsened metrics

Number of medium supply chain risk alerts

1

increased byInfinity%

No dependency changes