dompurify 2.0.16

npm / dompurify / 2.0.16 source ↗

• Fixed an mXSS-based bypass caused by nested forms inside MathML
• Fixed a security error thrown on older Chrome on Android versions, see #470

Credits for the bypass go to Michał Bentkowski (@securityMB) of Securitum who spotted the bug in Chrome, turned it into another DOMPurify bypass, reported and helped verifying the fix :bowing_man: :bowing_woman: