Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

sanitize-html

Package Overview
Dependencies
Maintainers
13
Versions
114
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

sanitize-html - npm Package Versions

1
12

2.0.0-rc.2

Diff

Changelog

Source

2.0.0-rc.2 (2020-09-09):

  • Always use existing has function rather than duplicating it.
alexbea
published 2.0.0-rc.1 •

Changelog

Source

2.0.0-rc.1 (2020-08-26):

  • Upgrade klona package. Thanks to Bogdan Chadkin for the contribution.
alexbea
published 1.27.4 •

Changelog

Source

1.27.4 (2020-08-26):

  • Fixes an IE11 regression from using Array.prototype.includes, replacing it with Array.prototype.indexOf.
alexbea
published 1.27.3 •

Changelog

Source

1.27.3 (2020-08-12):

  • Fixes a bug when using transformTags with out textFilter. Thanks to Andrzej Porebski for the help with a failing test.
alexbea
published 2.0.0-beta.2 •

Changelog

Source

2.0.0-beta.2:

  • Add files to package.json to prevent publishing unnecessary files to npm #392. Thanks to styfle for the contribution.
  • Removes iframe and nl from default allowed tags. Adds most innocuous tags to the default allowedTags array.
  • Fixes a bug when using transformTags with out textFilter. Thanks to Andrzej Porebski for the help with a failing test.
alexbea
published 1.27.2 •

Changelog

Source

1.27.2 (2020-07-29):

  • Fixes CHANGELOG links. Thanks to Alex Mayer for the contribution.
  • Replaces srcset with parse-srcset. Thanks to Massimiliano Mirra for the contribution.
alexbea
published 2.0.0-beta •

Changelog

Source

2.0.0-beta:

  • Moves the index.js file to the project root and removes all build steps within the package. Going forward, it is up to the developer to include sanitize-html in their project builds as-needed. This removes major points of conflict with project code and frees this module to not worry about myriad build-related questions.
  • Replaces lodash with utility packages: klona, is-plain-object, deepmerge, escape-string-regexp.
  • Makes custom tag transformations less error-prone by escaping frame innerText. Thanks to Mike Samuel for the contribution. Prior to this patch, tag transformations which turned an attribute value into a text node could be vulnerable to code execution.
  • Updates code to use modern features including const/let variable assignment.
  • ESLint clean up.
  • Updates is-plain-object to the 4.x major version.
  • Updates srcset to the 3.x major version.

Thanks to Bogdan Chadkin for contributions to this major version update.

alexbea
published 1.27.1 •

Changelog

Source

1.27.1 (2020-07-15):

  • Removes the unused chalk dependency.
  • Adds configuration for a Github stale bot.
  • Replace xtend package with native Object.assign.
alexbea
published 1.27.0 •

Changelog

Source

1.27.0:

  • Adds the allowedIframeDomains option. This works similar to allowedIframeHostnames, where you would set it to an array of web domains. It would then permit any hostname on those domains to be used in iframe src attributes. Thanks to Stanislav Kravchenko for the contribution.
alexbea
published 1.26.0 •

Changelog

Source

1.26.0:

  • Adds the option element to the default nonTextTagsArray of tags with contents that aren't meant to be displayed visually as text. This can be overridden with the nonTextTags option.
SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc