diff --git a/README.md b/README.md index 48229efab..e8094265a 100644 --- a/README.md +++ b/README.md @@ -6,13 +6,13 @@ DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. -It's also very simple to use and get started with. DOMPurify was [started in February 2014](https://github.com/cure53/DOMPurify/commit/a630922616927373485e0e787ab19e73e3691b2b) and, meanwhile, has reached version **v3.1.7**. +It's also very simple to use and get started with. DOMPurify was [started in February 2014](https://github.com/cure53/DOMPurify/commit/a630922616927373485e0e787ab19e73e3691b2b) and, meanwhile, has reached version **v3.2.0**. DOMPurify is written in JavaScript and works in all modern browsers (Safari (10+), Opera (15+), Edge, Firefox and Chrome - as well as almost anything else using Blink, Gecko or WebKit). It doesn't break on MSIE or other legacy browsers. It simply does nothing. **Note that [DOMPurify v2.5.7](https://github.com/cure53/DOMPurify/releases/tag/2.5.7) is the latest version supporting MSIE. For important security updates compatible with MSIE, please use the [2.x branch](https://github.com/cure53/DOMPurify/tree/2.x).** -Our automated tests cover [19 different browsers](https://github.com/cure53/DOMPurify/blob/main/test/karma.custom-launchers.config.js#L5) right now, more to come. We also cover Node.js v16.x, v17.x, v18.x and v19.x, running DOMPurify on [jsdom](https://github.com/jsdom/jsdom). Older Node versions are known to work as well, but hey... no guarantees. +Our automated tests cover [24 different browsers](https://github.com/cure53/DOMPurify/blob/main/test/karma.custom-launchers.config.js#L5) right now, more to come. We also cover Node.js v16.x, v17.x, v18.x and v19.x, running DOMPurify on [jsdom](https://github.com/jsdom/jsdom). Older Node versions are known to work as well, but hey... no guarantees. DOMPurify is written by security people who have vast background in web attacks and XSS. Fear not. For more details please also read about our [Security Goals & Threat Model](https://github.com/cure53/DOMPurify/wiki/Security-Goals-&-Threat-Model). Please, read it. Like, really. diff --git a/bower.json b/bower.json index 3db27572d..bbfbadedf 100644 --- a/bower.json +++ b/bower.json @@ -1,6 +1,6 @@ { "name": "dompurify", - "version": "3.1.7", + "version": "3.2.0", "homepage": "https://github.com/cure53/DOMPurify", "author": "Cure53 ", "description": "A DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG", diff --git a/dist/purify.cjs.d.ts b/dist/purify.cjs.d.ts index 95677a195..ab7c591f4 100644 --- a/dist/purify.cjs.d.ts +++ b/dist/purify.cjs.d.ts @@ -1,4 +1,4 @@ -/*! @license DOMPurify 3.1.7 | (c) Cure53 and other contributors | Released under the Apache license 2.0 and Mozilla Public License 2.0 | github.com/cure53/DOMPurify/blob/3.1.7/LICENSE */ +/*! @license DOMPurify 3.2.0 | (c) Cure53 and other contributors | Released under the Apache license 2.0 and Mozilla Public License 2.0 | github.com/cure53/DOMPurify/blob/3.2.0/LICENSE */ /** * Configuration to control DOMPurify behavior. diff --git a/dist/purify.cjs.js b/dist/purify.cjs.js index f1147300c..24913b4e8 100644 --- a/dist/purify.cjs.js +++ b/dist/purify.cjs.js @@ -1,4 +1,4 @@ -/*! @license DOMPurify 3.1.7 | (c) Cure53 and other contributors | Released under the Apache license 2.0 and Mozilla Public License 2.0 | github.com/cure53/DOMPurify/blob/3.1.7/LICENSE */ +/*! @license DOMPurify 3.2.0 | (c) Cure53 and other contributors | Released under the Apache license 2.0 and Mozilla Public License 2.0 | github.com/cure53/DOMPurify/blob/3.2.0/LICENSE */ 'use strict'; @@ -284,7 +284,7 @@ const _createTrustedTypesPolicy = function _createTrustedTypesPolicy(trustedType function createDOMPurify() { let window = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : getGlobal(); const DOMPurify = root => createDOMPurify(root); - DOMPurify.version = '3.1.7'; + DOMPurify.version = '3.2.0'; DOMPurify.removed = []; if (!window || !window.document || window.document.nodeType !== NODE_TYPE.document) { // Not running in a browser, provide a factory function diff --git a/dist/purify.es.d.mts b/dist/purify.es.d.mts index fddbc7739..0d69f580d 100644 --- a/dist/purify.es.d.mts +++ b/dist/purify.es.d.mts @@ -1,4 +1,4 @@ -/*! @license DOMPurify 3.1.7 | (c) Cure53 and other contributors | Released under the Apache license 2.0 and Mozilla Public License 2.0 | github.com/cure53/DOMPurify/blob/3.1.7/LICENSE */ +/*! @license DOMPurify 3.2.0 | (c) Cure53 and other contributors | Released under the Apache license 2.0 and Mozilla Public License 2.0 | github.com/cure53/DOMPurify/blob/3.2.0/LICENSE */ /** * Configuration to control DOMPurify behavior. diff --git a/dist/purify.es.mjs b/dist/purify.es.mjs index 5b87ae245..fcbd05100 100644 --- a/dist/purify.es.mjs +++ b/dist/purify.es.mjs @@ -1,4 +1,4 @@ -/*! @license DOMPurify 3.1.7 | (c) Cure53 and other contributors | Released under the Apache license 2.0 and Mozilla Public License 2.0 | github.com/cure53/DOMPurify/blob/3.1.7/LICENSE */ +/*! @license DOMPurify 3.2.0 | (c) Cure53 and other contributors | Released under the Apache license 2.0 and Mozilla Public License 2.0 | github.com/cure53/DOMPurify/blob/3.2.0/LICENSE */ const { entries, @@ -282,7 +282,7 @@ const _createTrustedTypesPolicy = function _createTrustedTypesPolicy(trustedType function createDOMPurify() { let window = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : getGlobal(); const DOMPurify = root => createDOMPurify(root); - DOMPurify.version = '3.1.7'; + DOMPurify.version = '3.2.0'; DOMPurify.removed = []; if (!window || !window.document || window.document.nodeType !== NODE_TYPE.document) { // Not running in a browser, provide a factory function diff --git a/dist/purify.js b/dist/purify.js index 9deb30973..009b69fef 100644 --- a/dist/purify.js +++ b/dist/purify.js @@ -1,4 +1,4 @@ -/*! @license DOMPurify 3.1.7 | (c) Cure53 and other contributors | Released under the Apache license 2.0 and Mozilla Public License 2.0 | github.com/cure53/DOMPurify/blob/3.1.7/LICENSE */ +/*! @license DOMPurify 3.2.0 | (c) Cure53 and other contributors | Released under the Apache license 2.0 and Mozilla Public License 2.0 | github.com/cure53/DOMPurify/blob/3.2.0/LICENSE */ (function (global, factory) { typeof exports === 'object' && typeof module !== 'undefined' ? module.exports = factory() : @@ -288,7 +288,7 @@ function createDOMPurify() { let window = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : getGlobal(); const DOMPurify = root => createDOMPurify(root); - DOMPurify.version = '3.1.7'; + DOMPurify.version = '3.2.0'; DOMPurify.removed = []; if (!window || !window.document || window.document.nodeType !== NODE_TYPE.document) { // Not running in a browser, provide a factory function diff --git a/dist/purify.min.js b/dist/purify.min.js index c36144114..975b1531f 100644 --- a/dist/purify.min.js +++ b/dist/purify.min.js @@ -1,4 +1,4 @@ -/*! @license DOMPurify 3.1.7 | (c) Cure53 and other contributors | Released under the Apache license 2.0 and Mozilla Public License 2.0 | github.com/cure53/DOMPurify/blob/3.1.7/LICENSE */ +/*! @license DOMPurify 3.2.0 | (c) Cure53 and other contributors | Released under the Apache license 2.0 and Mozilla Public License 2.0 | github.com/cure53/DOMPurify/blob/3.2.0/LICENSE */ (function (global, factory) { typeof exports === 'object' && typeof module !== 'undefined' ? module.exports = factory() : @@ -288,7 +288,7 @@ function createDOMPurify() { let window = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : getGlobal(); const DOMPurify = root => createDOMPurify(root); - DOMPurify.version = '3.1.7'; + DOMPurify.version = '3.2.0'; DOMPurify.removed = []; if (!window || !window.document || window.document.nodeType !== NODE_TYPE.document) { // Not running in a browser, provide a factory function diff --git a/package-lock.json b/package-lock.json index d5c8fff0b..45b551f65 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "dompurify", - "version": "3.1.7", + "version": "3.2.0", "lockfileVersion": 2, "requires": true, "packages": { "": { "name": "dompurify", - "version": "3.1.7", + "version": "3.2.0", "license": "(MPL-2.0 OR Apache-2.0)", "devDependencies": { "@babel/core": "^7.17.8", diff --git a/package.json b/package.json index 69242c3cc..0b70918c3 100644 --- a/package.json +++ b/package.json @@ -133,7 +133,7 @@ }, "name": "dompurify", "description": "DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It's written in JavaScript and works in all modern browsers (Safari, Opera (15+), Internet Explorer (10+), Firefox and Chrome - as well as almost anything else using Blink or WebKit). DOMPurify is written by security people who have vast background in web attacks and XSS. Fear not.", - "version": "3.1.7", + "version": "3.2.0", "directories": { "test": "test" }, diff --git a/website/index.html b/website/index.html index 3119d9b0b..977ae55fe 100644 --- a/website/index.html +++ b/website/index.html @@ -2,7 +2,7 @@ - DOMPurify 3.1.7 "Glow Stick" + DOMPurify 3.2.0 "Typewriter" @@ -23,7 +23,7 @@ -

DOMPurify 3.1.7 "Glow Stick"

+

DOMPurify 3.2.0 "Typewriter"

npm version Build and Test