Bi-Weekly Release: sanitize-html 2.0.0

Current Focus

We’re happy to announce the release of sanitize-html 2.0.0! This utility is a workhorse in ApostropheCMS, but many people have found it useful in totally unrelated projects as well.

With the new major version, we are no longer including a front end build for direct use in browsers. This enables developers to integrate it into their custom client-side builds more easily, makes it less opinionated regarding client-side use, and avoids a second stream of maintenance. There are a number of backwards compatibility concerns to keep in mind while upgrading, so be sure to read through the release notes for details. We will continue to support the 1.x version of sanitize-html with fixes for bugs and security issues for the foreseeable future.

Standard bi-weekly release notes below.

Release Notes

sanitize-html 2.0.0

  • Upgrade is-plain-object package with named export. Thanks to Bogdan Chadkin for the contribution.

Backwards compatibility breaks:

  • Node.js 10 or higher is required.
  • There is no build. You should no longer link directly to a sanitize-html file in the browser, as it uses modern JavaScript that is not fully supported by all major browsers. If you need it in the browser, include sanitize-html in your project build, if you have one.
  • The default allowedTags array has been updated significantly. The change mostly adds HTML tags so that the default is more comprehensive. If you are not already overriding allowedTags, review your projects against the new defaults, since tags that 1.x removed may now be allowed through.

sanitize-html 1.27.5

  • Fixes an IE11 regression by replacing Array.prototype.includes with Array.prototype.indexOf.

apostrophe (core) 2.111.4

  • The “View File” button now functions as intended by accessing the original version of an image, not a scaled version. Thanks to Quentin Mouraret for this contribution.
  • LESS compilation errors during apostrophe:generation are now reported properly, resulting in a clean process exit.

apostrophe-guides 1.0.1

  • Changes LESS import to a link in order to fix a LESS compile error when assets are minified.
  • Removes ES6 features that Uglify was breaking on.
  • Sets a base font-size for the guide to avoid project-level style conflicts.

apostrophe-pubmed-import 1.0.9

  • Removes the package-lock file. Updates package metadata.