Small change to HTML with massive impact on eliminating mXSS attacks

GitHub

Escape "<" and ">" when serializing attribute values · whatwg/html@e21bd3b

Avoid a class of XSS attacks where markup goes through a lossy parse-serialize-parse roundtrip and the original attribute value is parsed in the da...

DOMPurify 3.2.6 has been release with several smaller fixes and improvements, thanks to all who contributed 💕

GitHub

Release DOMPurify 3.2.6 · cure53/DOMPurify

Fixed several typos and removed clutter from our documentation, thanks @Rotzbua Added matrix: as an allowed URI scheme, thanks @kleinesfilmroellche...

Hopefully this will also help with the CI/CD issues that arose after the fake CVE was posted last week.