sanitize-html
Changelog
1.2.3:
fixed another possible XSS attack vector; no definitive exploit was found but it looks possible. See this issue. Thanks to Jim O'Brien.
1.2.2:
reject javascript: URLs when disguised with an internal comment. This is probably not respected by browsers anyway except when inside an XML data island element, which you almost certainly are not allowing in your allowedTags, but we aim to be thorough. Thanks to Jim O'Brien.
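The 1.2.2 entry concerns a scheme check that can be sidestepped when an HTML comment splits the scheme name. As an added illustration (not sanitize-html's own code), the JavaScript below normalizes an attribute value before testing its scheme against an allowlist; the function names, the scheme list and the sample inputs are assumptions constructed for this example.

```javascript
'use strict';

// Hypothetical allowlist for this example; not sanitize-html's defaults.
const ALLOWED_SCHEMES = new Set(['http', 'https', 'mailto']);

// Returns true when href is relative or uses an allowlisted scheme.
// Assumes the attribute value has already been entity-decoded by the parser.
function isAllowedUrl(href) {
  const normalized = String(href)
    // Drop complete HTML comments, which could otherwise split a scheme name.
    .replace(/<!--[\s\S]*?-->/g, '')
    // Drop control characters and whitespace, which URL parsers may ignore.
    .replace(/[\x00-\x20]+/g, '');

  // An unterminated comment opener left behind is never legitimate: fail closed.
  if (normalized.includes('<!--')) return false;

  const match = normalized.match(/^([a-zA-Z][a-zA-Z0-9.+-]*):/);
  if (!match) return true; // no scheme, so a relative URL
  return ALLOWED_SCHEMES.has(match[1].toLowerCase());
}

// Constructed sample inputs with the verdict each should receive.
const SAMPLES = [
  ['https://example.com/page', true],
  ['/docs/index.html', true],
  ['mailto:user@example.com', true],
  ['java<!-- x -->script:alert(1)', false],
  ['JaVa\tScRiPt:alert(1)', false],
  ['java<!--script:alert(1)', false],
];

// Returns the samples whose verdict differs from the expected one.
function failingSamples() {
  return SAMPLES.filter(([href, expected]) => isAllowedUrl(href) !== expected);
}

console.log(failingSamples().length === 0
  ? 'all samples classified as expected'
  : failingSamples());
```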
1.2.1:
fixed crashing bug when presented with bad markup. The bug was in the exclusiveFilter mechanism. Unit test added. Thanks to Ilya Kantor for catching it.
1.2.0:
The allowedClasses option now allows you to permit CSS classes in a fine-grained way.
Text passed to your exclusiveFilter function now includes the text of child elements, making it more useful for identifying elements that truly lack any inner text.