Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

sanitize-html

Package Overview
Dependencies
Maintainers
10
Versions
114
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

sanitize-html - npm Package Versions

1
12

1.7.2

Diff

Changelog

Source

1.7.2:

removed array-includes dependency in favor of indexOf, which is a little more verbose but slightly faster and doesn't require a shim. Thanks again to Joseph Dykstra.

boutell
published 1.7.1 •

Changelog

Source

1.7.1:

removed lodash dependency, adding lighter dependencies and polyfills in its place. Thanks to Joseph Dykstra.

boutell
published 1.7.0 •

Changelog

Source

1.7.0:

introduced allowedSchemesByTag option. Thanks to Cameron Will.

boutell
published 1.6.1 •

Changelog

Source

1.6.1:

the string 'undefined' (as opposed to undefined) is perfectly valid text and shouldn't be expressly converted to the empty string.

boutell
published 1.6.0 •

Changelog

Source

1.6.0:

added textFilter option. Thanks to Csaba Palfi.

boutell
published 1.5.3 •

Changelog

Source

1.5.3:

do not escape special characters inside a script or style element, if they are allowed. This is consistent with the way browsers parse them; nothing closes them except the appropriate closing tag for the entire element. Of course, this only comes into play if you actually choose to allow those tags. Thanks to aletorrado.

boutell
published 1.5.2 •

Changelog

Source

1.5.2:

guard checks for allowed attributes correctly to avoid an undefined property error. Thanks to Zeke.

boutell
published 1.5.1 •

Changelog

Source

1.5.1:

updated to htmlparser2 1.8.x. Started using the decodeEntities option, which allows us to pass our filter evasion tests without the need to recursively invoke the filter.

boutell
published 1.5.0 •

Changelog

Source

1.5.0:

support for * wildcards in allowedAttributes. With tests. Thanks to Calvin Montgomery.

boutell
published 1.4.3 •

Changelog

Source

1.4.3:

invokes itself recursively until the markup stops changing to guard against this issue. Bump to htmlparser2 version 3.7.x.

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc