sanitize-html
Changelog
1.16.3:
Don't throw away the browserified versions before publishing them. prepare is not a good place to make clean, it runs after prepublish.
1.16.2:
sanitize-html is now compiled with babel. An npm prepublish script takes care of this at npm publish time, so the latest code should always be compiled to operate all the way back to ES5 browsers and earlier versions of Node. Thanks to Ayushya Jaiswal.
Please note that running sanitize-html in the browser is usually a security hole. Are you trusting the browser? Anyone could bypass that using the network panel. Sanitization is almost always best done on servers and that is the primary use case for this module.
1.16.0:
support for sanitizing inline CSS styles, by specifying the allowed attributes and a regular expression for each. Thanks to Cameron Will and Michael Loschiavo.
1.15.0:
if configured as an allowed attribute (not the default), check for naughty URLs in srcset attributes. Thanks to Mike Samuel for the nudge to do this and to Sindre Sorhus for the srcset module.
1.14.3:
inadvertent removal of lodash regexp quote dependency in 1.14.2 has been corrected.
1.14.2:
protocol-relative URL detection must spot URLs starting with \\ rather than // due to ages-old tolerance features of web browsers, intended for sleepy Windows developers. Thanks to Martin Bajanik.
1.14.1:
documented allowProtocolRelative option. No code changes from 1.14.0, released a few moments ago.
1.14.0:
the new allowProtocolRelative option, which is set to true by default, allows you to decline to accept URLs that start with // and thus point to a different host using the current protocol. If you do not want to permit this, set this option to false. This is fully backwards compatible because the default behavior is to allow them. Thanks to Luke Bernard.
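
The check described in the 1.14.0 and 1.14.2 entries, as an added example that is not sanitize-html's own code: a server-side URL filter that treats a leading \\ (or a mixed /\ pair) the same as // when deciding whether a value is protocol-relative. Only the allowProtocolRelative option name comes from the changelog; the function names, the allowedSchemes list and the sample URLs are assumptions constructed for illustration.

```javascript
// Added example; not sanitize-html's own implementation.

// Browsers drop leading/trailing control characters and spaces, and remove
// tabs and newlines anywhere in a URL, before parsing it (WHATWG URL spec).
function stripIgnored(value) {
  return String(value)
    .replace(/^[\u0000-\u0020]+|[\u0000-\u0020]+$/g, '')
    .replace(/[\t\n\r]/g, '');
}

// True when the value names another host on the current protocol.
// "\" is accepted wherever "/" is, so "\\host", "/\host" and "\/host"
// are all equivalent to "//host".
function isProtocolRelative(value) {
  return /^[\\/]{2}/.test(stripIgnored(value));
}

// Hypothetical filter: allowProtocolRelative mirrors the changelog option
// (default true); allowedSchemes is an assumed allowlist for this example.
function isAllowedUrl(value, options) {
  const opts = Object.assign(
    { allowProtocolRelative: true, allowedSchemes: ['http', 'https', 'mailto'] },
    options
  );
  const url = stripIgnored(value);
  if (isProtocolRelative(url)) return opts.allowProtocolRelative;
  const scheme = /^([a-zA-Z][a-zA-Z0-9+.-]*):/.exec(url);
  if (!scheme) return true; // same-host relative reference
  return opts.allowedSchemes.includes(scheme[1].toLowerCase());
}

// Constructed sample values (example.test is a reserved test domain).
const SAMPLES = [
  '//example.test/a.png',
  '\\\\example.test/a.png', // the string \\example.test/a.png
  '/\\example.test/a.png',  // the string /\example.test/a.png
  ' \t//example.test/a.png',
  '/images/a.png',
  'https://example.test/a.png'
];

// Returns the sample values the filter refuses under the given options.
function rejected(options) {
  return SAMPLES.filter((u) => !isAllowedUrl(u, options));
}

console.log(rejected({ allowProtocolRelative: false }));
```

With allowProtocolRelative set to false, the first four samples are refused and the same-host path and the https URL pass; with the default, nothing is refused.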