Sourced from dompurify's releases.

DOMPurify 2.4.1

• Added new config option ALLOWED_NAMESPACES for better XML handling, thanks @​kevin-deyoungster @​tosmolka
• Added better detection of template literals when SAFE_FOR_TEMPLATES is true
• Fixed an exception caused by DOM clobbering, thanks @​masatokinugawa
• Bumped some dependencies, thanks @​marcpenya-tf

DOMPurify 2.4.0

• Removed bundled types again as they caused too much trouble

DOMPurify 2.3.12

• Fixed an issue in 2.3.11 causing errors w. TypeScript, see #712, thanks @​Mirco469, @​brentkeller, @​aryanisml

DOMPurify 2.3.11

• Added generated type definitions for better compatibility
• Added SANITIZE_NAMED_PROPS config option, thanks @​SoheilKhodayari
• Updated README and config documentation, thanks @​0xedward
• Updated test suite with newer Node versions

DOMPurify 2.3.10

• Added support for sanitization of attributes requiring Trusted Types, thanks @​tosmolka

DOMPurify 2.3.9

• Made TAG and ATTR config options case-sensitive when parsing XHTML, thanks @​tosmolka
• Bumped some dependencies, thanks @​is2ei
• Included github-actions in the dependabot config, thanks @​nathannaveen

DOMPurify 2.3.8

• Cleaned up a minor issue with the 2.3.7 release, thanks @​johnbirds

No other changes compared to 2.3.7 release, which entail:

• Fixes around a bug in Safari, thanks @​sybrew
• Slightly improved performance, thanks @​tiny-ben-tran
• Lots of chores, bumps and typo fixes, thanks @​is2ei
• Removed unnecessary string trimming, thanks @​christopherehlen

DOMPurify 2.3.6

• Added an option to allow HTML5 doctypes, thanks @​tosmolka
• Bumped several dependencies, thanks @​is2ei
• Updated documentation to cover recently added flags, thanks @​is2ei

DOMPurify 2.3.5

• Performed several chores and cleanups, thanks @​is2ei
• Fixed a bug when working with Trusted Types, thanks @​tosmolka
• Fixed a bug with weird behavior on insecure nodes in IN_PLACE mode, thanks @​tosmolka
• Added more SVG attributes to allow-list, thanks @​rzhade3

• 67f784c chore: preparing 2.4.1 release
• e50e814 Merge pull request #731 from cure53/dependabot/npm_and_yarn/minimatch-3.1.2
• 4712fa3 test: attempted to fix ALLOWED_NAMESPACES tests for IE/Edge v2
• 48d009c test: attempted to fix ALLOWED_NAMESPACES tests for IE/Edge
• 36eb7c3 build(deps): bump minimatch from 3.0.4 to 3.1.2
• 16232f0 Merge pull request #730 from cure53/dependabot/npm_and_yarn/socket.io-parser-...
• 5f77429 Merge pull request #729 from kevin-deyoungster/kdeyoungster/xml
• 7a77304 build(deps): bump socket.io-parser from 4.0.4 to 4.0.5
• 36fc276 lint new changes
• c2c1b11 Experiment with ALLOWED_NAMESPACES
• Additional commits viewable in compare view

• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)