Details
-
Task
-
Resolution: Fixed
-
Major
-
17.10.9, 18.4.1, 18.5.0
-
None
-
Unknown
-
N/A
-
N/A
-
Description
v3.4.11: DOMPurify 3.4.11
- Fixed an issue with a leaky config for hooks via setConfig, thanks @trace37labs
- Bumped vulnerable development dependencies to arrive at plain 0 with npm audit
- Updated the osv-scanner suppression list as no vulnerable dependencies are left for now
- Updated up the linting tool-chain and removed now-redundant lint directives
- Updated the documentation is several spots, README, wiki, etc.
- Bumped several dependencies where possible
v3.4.10: DOMPurify 3.4.10
- Refactored codebase for clarity: extracted the public type declarations into types.ts
- Decomposed the three largest sanitizer functions into focused helpers
- Removed duplicated defaults and dead branches, consolidated SAFE_FOR_TEMPLATES scrubbing into single shared path
- Improved per-node performance by hoisting the mXSS probe regexes and testing textContent before innerHTML
- Added a deterministic micro-benchmark harness (npm run bench) with a --compare mode
- Reduced CI cost by running the full three-engine browser suite once per PR
- Refreshed the demos/ folder so every demo runs again, and added a SVG-via-<img> demo
- Documented the bench and test:happydom scripts in the README
- Completed the Attack Classes & Bypass History wiki page
- Bumped several dependencies where possible