
sanitize-html - npm Package Versions


2.0.0-rc.2 (2020-09-09):

  • Always use existing has function rather than duplicating it.

alexbea published 2.0.0-rc.1


2.0.0-rc.1 (2020-08-26):

  • Upgrade klona package. Thanks to Bogdan Chadkin for the contribution.

alexbea published 1.27.4


1.27.4 (2020-08-26):

  • Fixes an IE11 regression from using Array.prototype.includes, replacing it with Array.prototype.indexOf.

alexbea published 1.27.3


1.27.3 (2020-08-12):

  • Fixes a bug when using transformTags without textFilter. Thanks to Andrzej Porebski for the help with a failing test.

alexbea published 2.0.0-beta.2


2.0.0-beta.2:

  • Add files to package.json to prevent publishing unnecessary files to npm #392. Thanks to styfle for the contribution.
  • Removes iframe and nl from default allowed tags. Adds most innocuous tags to the default allowedTags array.
  • Fixes a bug when using transformTags without textFilter. Thanks to Andrzej Porebski for the help with a failing test.

alexbea published 1.27.2


1.27.2 (2020-07-29):

  • Fixes CHANGELOG links. Thanks to Alex Mayer for the contribution.
  • Replaces srcset with parse-srcset. Thanks to Massimiliano Mirra for the contribution.

alexbea published 2.0.0-beta


2.0.0-beta:

  • Moves the index.js file to the project root and removes all build steps within the package. Going forward, it is up to the developer to include sanitize-html in their project builds as-needed. This removes major points of conflict with project code and frees this module to not worry about myriad build-related questions.
  • Replaces lodash with utility packages: klona, is-plain-object, deepmerge, escape-string-regexp.
  • Makes custom tag transformations less error-prone by escaping frame innerText. Thanks to Mike Samuel for the contribution. Prior to this patch, tag transformations which turned an attribute value into a text node could be vulnerable to code execution.
  • Updates code to use modern features including const/let variable assignment.
  • ESLint clean up.
  • Updates is-plain-object to the 4.x major version.
  • Updates srcset to the 3.x major version.

Thanks to Bogdan Chadkin for contributions to this major version update.

alexbea published 1.27.1


1.27.1 (2020-07-15):

  • Removes the unused chalk dependency.
  • Adds configuration for a GitHub stale bot.
  • Replace xtend package with native Object.assign.

alexbea published 1.27.0


1.27.0:

  • Adds the allowedIframeDomains option. This works similarly to allowedIframeHostnames, where you would set it to an array of web domains. It would then permit any hostname on those domains to be used in iframe src attributes. Thanks to Stanislav Kravchenko for the contribution.

alexbea published 1.26.0


1.26.0:

  • Adds the option element to the default nonTextTagsArray of tags with contents that aren't meant to be displayed visually as text. This can be overridden with the nonTextTags option.