DOMPurify-Security -- Security Announcements for DOMPurify and related tools

 

About DOMPurify
DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It's written in JavaScript and works in all modern browsers (Safari, Opera (15+), Internet Explorer (9+), Firefox and Chrome - as well as almost anything else using Blink or WebKit). It doesn't break on IE6 or other legacy browsers. It simply does nothing there.

More Info: DOMPurify on GitHub. DOMPurify is maintained by Cure53.

About this Mailing List

This list is exclusively meant to send security announcements about DOMPurify and related software. No other mails shall be propagated using this list.

This list is important and useful for you if you use DOMPurify in production software and/or wish to be informed about security-relevant updates. The list is expected to be very low volume.

To see the collection of prior postings to the list, visit the DOMPurify-Security Archives.

Subscribing to DOMPurify-Security

Subscribe to DOMPurify-Security by filling out the following form. You will be sent email requesting confirmation, to prevent others from gratuitously subscribing you. This is a hidden list, which means that the list of members is available only to the list administrator.

    Your email address:  
    Your name (optional):  
    You may enter a privacy password below. This provides only mild security, but should prevent others from messing with your subscription. Do not use a valuable password as it will occasionally be emailed back to you in cleartext.

    If you choose not to enter a password, one will be automatically generated for you, and it will be sent to you once you've confirmed your subscription. You can always request a mail-back of your password when you edit your personal options.
    Pick a password:  
    Reenter password to confirm:  
    Which language do you prefer to display your messages?  
DOMPurify-Security Subscribers
(The subscribers list is only available to the list administrator.)


To unsubscribe from DOMPurify-Security, get a password reminder, or change your subscription options, enter your subscription email address:

If you leave the field blank, you will be prompted for your email address.
And this is totally a persistent XSS bypassing Mailman's filter. Not using DOMPurify, huh?