cure53 / DOMPurify
History for DOMPurify / src on main
Commit History
Commits on Jul 4, 2024
fix: Made sure that remove() is not called directly from node
cure53
committed
Jul 4, 2024
6e03334
fix: Fixed a DOM clobbering issue leading to an error being thrown
cure53
committed
Jul 4, 2024
00fc06c
Commits on Jun 25, 2024
fix: Changed the order for attribute checks slightly for safer hooks
cure53
committed
Jun 25, 2024
fa542df
Commits on Jun 17, 2024
fix(typo): found by codespell
Rotzbua
committed
Jun 17, 2024
bb69e53
Commits on May 27, 2024
chore: Experimentally removing the depth counter logic as we have better defenses now
cure53
committed
May 27, 2024
7cf4890
Commits on May 18, 2024
fix: Added MSIE number check fix to main as well
cure53
committed
May 18, 2024
1223487
Commits on May 17, 2024
Add popover attributes to allow list
Gigabyte5671
committed
May 17, 2024
28c1828
Commits on May 8, 2024
fix: Added smaller-than-null check for __depth hardening code
cure53
committed
May 8, 2024
b20ce99
fix: Hardened the depth tracking code against prototype pollution
cure53
committed
May 8, 2024
1e52026
Commits on May 7, 2024
fix: Made the regex for comment scrubbing a bit stricter
cure53
committed
May 7, 2024
8df72f1
fix: Expanded the comment scrubbing regex matching a bit further
cure53
committed
May 7, 2024
ae517d6
fix: Added better configurability for new comment behavior
cure53
committed
May 7, 2024
b6818ce
Commits on May 5, 2024
docs: Changed inline comments slightly to be more accurate
cure53
committed
May 5, 2024
aafd7a8
fix: Added experimental comment scrubbing inside attributes
cure53
committed
May 5, 2024
d1d5d22
Commits on May 3, 2024
refac: refactoring nodeType by adding a NODE_TYPE object
ssi02014
committed
May 3, 2024
c68783e
fix: Added experimental change to prohibit __depth clobbering
cure53
committed
May 3, 2024
abb21f8
fix: Added experimental clobbering check after removal
cure53
committed
May 3, 2024
7422567
Commits on Apr 29, 2024
fix: Adjusted the list of permitted SVG HTML integration points
cure53
committed
Apr 29, 2024
8075b37
Commits on Apr 27, 2024
fix: Switched to using the getParentNode API for some calls
cure53
committed
Apr 27, 2024
61b761f
Commits on Apr 26, 2024
fix: Set the MAX_NESTING_DEPTH to 255 for good measure and adjusted tests
cure53
committed
Apr 26, 2024
809a902
Commits on Apr 24, 2024
fix: added __removalCount to account for nodes removed from parents when calculating depth
icesfont
committed
Apr 24, 2024
813d065
fix: Fixed a faulty edit and changed the code accordingly
cure53
committed
Apr 24, 2024
6dbc2bd
fix: Added experimental __depth increment for copied elements
cure53
committed
Apr 24, 2024
65d35b8
fix: Added __depth tracking for ShadowDOM and template elements as well
cure53
committed
Apr 24, 2024
4299c0a
fix: Slightly changed the execution order for __depth tracking
cure53
committed
Apr 24, 2024
81d963c
fix: Added __depth field to sanitized DOM nodes for better tracking
cure53
committed
Apr 24, 2024
ce799c3
Commits on Apr 23, 2024
fix: Fixed an off-by-one with the nesting counter causing over-sanitization
cure53
committed
Apr 23, 2024
f051738
fix: Changed the behavior of the nesting counter ever so slightly
cure53
committed
Apr 23, 2024
c725ce0
fix: Addressed a possible bypass issue caused by deep-nesting
cure53
committed
Apr 23, 2024
c5369f2
Commits on Apr 3, 2024
fix: Changed the SAFE_FOR_XML config assignment slightly
cure53
committed
Apr 3, 2024
bf1f5cf
feature: Added new config option to control comment sanitization
cure53
committed
Apr 3, 2024
3a00950
Commits on Mar 26, 2024
fix: Removed the unnecessary clobbering check for elm.data
cure53
committed
Mar 26, 2024
1ebcfd4
fix: Rolling back changes from previous fixes, trying more aggressive comment handling
cure53
committed
Mar 26, 2024
fc3c781
fix: Enhanced the fix for comments inside XML
cure53
committed
Mar 26, 2024
8a0dcf8
fix: Added an experimental fix to treat unwanted XML comment behavior
cure53
committed
Mar 26, 2024
0f473ef