dompurify
DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It's written in JavaScript and works in all modern browsers (Safari, Opera (15+), Internet Explorer (10+), Firefox and Chrome - as well as almost anything else usin
Security Advisories for dompurify in npm
[Moderate] DOMPurify: FORBID_TAGS bypassed by function-based ADD_TAGS predicate (asymmetry with FORBID_ATTR fix) (npm: dompurify, about 1 month ago)
[Moderate] DOMPurify has a SAFE_FOR_TEMPLATES bypass in RETURN_DOM mode (npm: dompurify, about 1 month ago)
[Moderate] DOMPurify: Prototype Pollution to XSS Bypass via CUSTOM_ELEMENT_HANDLING Fallback (npm: dompurify, about 1 month ago)
[Moderate] DOMPurify's ADD_TAGS function form bypasses FORBID_TAGS due to short-circuit evaluation (npm: dompurify, about 2 months ago)
[Moderate] DOMPurify USE_PROFILES prototype pollution allows event handlers (npm: dompurify, 2 months ago)
[Moderate] DOMPurify is vulnerable to mutation-XSS via Re-Contextualization (npm: dompurify, 2 months ago)
[Potential, High] Prototype pollution vulnerability found in Mermaid's bundled version of DOMPurify (npm: mermaid, over 1 year ago; Repackage)