Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

xmldom

Package Overview
Dependencies
Maintainers
5
Versions
36
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

xmldom - npm Package Versions

234

0.6.0

Diff

Changelog

Source

0.6.0

Commits

Fixes

  • Stop serializing empty namespace values like xmlns:ds="" #168
    BREAKING CHANGE: If your code expected empty namespaces attributes to be serialized.
    Thank you, @pdecat and @FranckDepoortere
  • Escape < to &lt; when serializing attribute values #198 / #199
brodybits
published 0.5.0 •

Changelog

Source

0.5.0

Commits

Fixes

  • Avoid misinterpretation of malicious XML input - GHSA-h6q6-9hqw-rwfv (CVE-2021-21366)

    • Improve error reporting; throw on duplicate attribute
      BREAKING CHANGE: It is currently not clear how to consistently deal with duplicate attributes, so it's also safer for our users to fail when detecting them. It's possible to configure the DOMParser.errorHandler before parsing, to handle those errors differently.

      To accomplish this and also be able to verify it in tests I needed to

      • create a new Error type ParseError and export it
      • Throw ParseError from errorHandler.fatalError and prevent those from being caught in XMLReader.
      • export DOMHandler constructor as __DOMHandler
    • Preserve quotes in DOCTYPE declaration Since the only purpose of parsing the DOCTYPE is to be able to restore it when serializing, we decided that it would be best to leave the parsed publicId and systemId as is, including any quotes. BREAKING CHANGE: If somebody relies on the actual unquoted values of those ids, they will need to take care of either single or double quotes and the right escaping. (Without this change this would not have been possible because the SAX parser already dropped the information about the quotes that have been used in the source.)

      https://www.w3.org/TR/2006/REC-xml11-20060816/#dtd https://www.w3.org/TR/2006/REC-xml11-20060816/#IDAX1KS (External Entity Declaration)

  • Fix breaking preprocessors' directives when parsing attributes #171

  • fix(dom): Escape ]]&gt; when serializing CharData #181

  • Switch to (only) MIT license (drop problematic LGPL license option) #178

  • Export DOMException; remove custom assertions; etc. #174

Docs

  • Update MDN links in readme.md #188
brodybits
published 0.4.0 •

Changelog

Source

0.4.0

Commits

Fixes

  • BREAKING Restore &nbsp; behavior from v0.1.27 #67
  • BREAKING Typecheck source param before parsing #113
  • Include documents in package files list #156
  • Preserve doctype with sysid #144
  • Remove ES6 syntax from getElementsByClassName #91
  • Revert "Add lowercase of åäö in entityMap" due to duplicate entries #84
  • fix: Convert all line separators to LF #66

Docs

  • Update CHANGELOG.md through version 0.3.0 #63
  • Update badges #78
  • Add .editorconfig file #104
  • Add note about import #79
  • Modernize & improve the example in readme.md #81

CI

  • Add Stryker Mutator #70
  • Add Stryker action to update dashboard #77
  • Add Node GitHub action workflow #64
  • add & enable eslint #106
  • Use eslint-plugin-es5 to enforce ES5 syntax #107
  • Recover vows tests, drop proof tests #59
  • Add jest tessuite and first tests #114
  • Add jest testsuite with xmltest cases #112
  • Configure Renovate #108
  • Test European HTML entities #86
  • Updated devDependencies

Other

  • Remove files that are not of any use #131, #65, #33
kethinov
published 0.3.0 •

Changelog

Source

0.3.0

Commits

brodybits
published 0.2.1 •

Changelog

Source

0.2.1

Commits

  • Correct homepage, repository and bugs URLs in package.json.
brodybits
published 0.2.0 •

Changelog

Source

0.2.0

Commits

brodybits
published 0.1.31 •

Changelog

Source

0.1.31

Commits

The patch versions (v0.1.29 - v0.1.31) that have been released on the v0.1.x branch, to reflect the changed maintainers, are branched off from v0.1.27 so they don't include the breaking changes introduced in xmldom-alpha@v0.1.28:

Maintainer changes

After the last commit to the original repository https://github.com/jindw/xmldom on the 9th of May 2017, the first commit to https://github.com/xmldom/xmldom is from the 19th of December 2019. The fork has been announced in the original repository on the 2nd of March 2020.

The versions listed below have been published to one or both of the following packages:

It is currently not planned to continue publishing the xmldom-alpha package.

The new maintainers did not invest time to understand changes that led to the last xmldom version 0.1.27 published by the original maintainer, but consider it the basis for their work. A timeline of all the changes that happened from that version until 0.3.0 is available in https://github.com/xmldom/xmldom/issues/62. Any related questions should be asked there.

brodybits
published 0.1.30 •

brodybits
published 0.1.29 •

jindw
published 0.1.27 •

Changelog

Source

0.1.27

Published by @jindw on the 28th of Nov 2016 as

  • xmldom@0.1.27

  • xmldom-alpha@0.1.27

  • Various bug fixes.

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc