And there is fire where we walk.
DOMPurify 2.5.9 and DOMPurify 3.3.2 were released today in a rush to fix a security issue caused by jsdom's faulty tag parsing.
A total of four people reported the exacty same bug within a window of three days.
One did so via email, thank you. One did so via private security advisory, thank you too.
One however simply published a ticket for everyone to see, the other one just dropped a CVE on us without a working fix release. Thanks for nothing.
Lands of Packets
TTL exceeded.
I would like to collect texts from the scene about FX in his memory. A collection of obituaries that will then be posted on phenoelit.de.
If anyone would like to contribute, please contact me.
Mail: joernchen@phenoelit.de
Signal: jrn.07
RIP FX - You are a legend.
Here Dino is delivering his Pwnie Award, as well as the last public post FX made last year.
@fluepke We frankly do not care, sorry not sorry 😅
From what can be seen, they don't call us "Partner" but just list us as a firm. So, not too triggered by all that overly much.
Thank you for the ping though, we had worse stuff being published in the past and then actually decided to do something against it.
@fluepke @schrotthaufen We had no prior knowledge about this website until you mentioned us 😅
But also kind of don't really care.
We have slightly updated the publicly available contract templates for NDA, MSA and DPA. File format is ODT as usual.
Feel free to, just as before, use them as you see it fit for your own purposes 😄
@GossiTheDog Proudly serving no cookies or whatsoever on cure53.de ever since the website went online.
We do receive mails from folks that complain about the missing banner though, assuming something is wrong.
DOMPurify 3.3.0 is out. You can now configure which tags can have which attributes much more easily.
https://github.com/cure53/DOMPurify/releases/tag/3.3.0
Thanks again to everyone who contributed to and supported the project. ❤️
DOMPurify 3.3.0 will soon be released, with this likely being the most important change in a long time:
@ll1t So, basically what we already do, just about chest hair, not websites.
@ll1t What is a last first responder? Like an "omgee sorry I am late, oh you already done? well, nice." kind of a thing? They teach that?
@ll1t I'm not sure about liver, but in Mett, we're talking about three to four hedgehogs.
@ll1t In recent years, thousands of European men have suffered from vegetarian shock, which can lead to the spontaneous loss of chest hair and worse. How dare you mock their misery!
@alphaville Yes, we don't!
@alphaville Absolutely, full qDOM support including form node disentanglement is already available in PlatinumSanity Pro.
@alphaville Running dompurify.exe as admin will auto-activate a free 30-day PlatinumSanity Pro subscription and enable our Platform AI features to boost your productivity.
So, yes. Of course. I guess. No?
How do you like our new website we learned about just today?
Please make sure to run dompurify.exe on Windows 11 for best possible experience and Full HD.
Intutively for a DOM Sanitizer configuration that looks like the following:
{
elements: ["div", "span"],
attributes: ["class"],
}
For a <div> element, which attributes do you think should/would be allowed?
(Boost appreciated)
DOMPurify 3.2.7 has been released today, adding several fixes and improvements.
https://github.com/cure53/DOMPurify/releases/tag/3.2.7
Thanks to all folks who contributed 💕
