dompurify 2.0.3

npm / dompurify / 2.0.3 source ↗

• Fixed another mXSS variation affecting Chrome, Safari and Edge relating to HTML templates
• Fixed a bug in the config parser leading to unexpected results

Credits for the bypass again go to Michał Bentkowski (@securityMB) of Securitum who spotted the bug in Chrome, turned it into another DOMPurify bypass, reported and helped verifying the fix :bowing_man: :bowing_woman: