Skip to content
Changelog Hub

dompurify 2.0.1

npm / dompurify / 2.0.1 source

  • Fixed a bypass affecting latest Chrome, caused by a newly discovered Chrome mXSS vulnerability
  • Added tests to cover implemented fixes

Credits go to Michał Bentkowski (@SecurityMB) of Securitum who spotted the bug in Chrome, turned it into a DOMPurify bypass, reported and helped verifying the fix. :bow: