Rev 1042 | Rev 1422 | ||
---|---|---|---|
Line 4... | Line 4... | ||
4 | The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), |
4 | The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), |
5 | and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). |
5 | and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). |
6 | 6 | ||
7 | ## Unreleased |
7 | ## Unreleased |
8 | 8 | ||
- | 9 | ## 5.10.8 - 2023-10-19 |
|
- | 10 | ||
- | 11 | ### Fixed |
|
- | 12 | - Specific HTML content caused mXSS when using undo/redo. #TINY-10215 |
|
- | 13 | - Specific HTML content caused mXSS when using the `getContent` and `setContent` APIs with the `format: 'raw'` option, which also affected the `resetContent` API and the draft restoration feature of the Autosave plugin. #TINY-10236 |
|
- | 14 | - Notification messages containing HTML were not properly XSS sanitized before being displayed. #TINY-10286 |
|
- | 15 | ||
9 | ## 5.10.7 - 2022-12-06 |
16 | ## 5.10.7 - 2022-12-06 |
10 | 17 | ||
11 | ### Fixed |
18 | ### Fixed |
12 | - HTML in messages for the `WindowManager.alert` and `WindowManager.confirm` APIs were not properly sanitized. #TINY-3548 |
19 | - HTML in messages for the `WindowManager.alert` and `WindowManager.confirm` APIs were not properly sanitized. #TINY-3548 |
13 | 20 |
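Review bot: The three entries added under `## 5.10.8 - 2023-10-19` are all XSS fixes but are filed under `### Fixed`, so the security nature of the release is easy to miss when scanning headings. Keep a Changelog, which this file says it follows, provides a `### Security` section for vulnerability fixes; consider moving these entries there (the existing 5.10.7 `WindowManager` entry has the same issue). Two wording points on the same lines: "mXSS" appears without expansion, so spell out "mutation XSS (mXSS)" on first use in the #TINY-10215 entry, and "not properly XSS sanitized" in the #TINY-10286 entry would read better as "not properly sanitized", matching the 5.10.7 entry.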