Rev 1042 | Go to most recent revision | Show entire file | Regard whitespace | Details | Blame | Last modification | View Log | RSS feed
| Rev 1042 | Rev 1422 | ||
|---|---|---|---|
| Line 4... | Line 4... | ||
| 4 | The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), |
4 | The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), |
| 5 | and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). |
5 | and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). |
| 6 | 6 | ||
| 7 | ## Unreleased |
7 | ## Unreleased |
| 8 | 8 | ||
| - | 9 | ## 5.10.8 - 2023-10-19 |
|
| - | 10 | ||
| - | 11 | ### Fixed |
|
| - | 12 | - Specific HTML content caused mXSS when using undo/redo. #TINY-10215 |
|
| - | 13 | - Specific HTML content caused mXSS when using the `getContent` and `setContent` APIs with the `format: 'raw'` option, which also affected the `resetContent` API and the draft restoration feature of the Autosave plugin. #TINY-10236 |
|
| - | 14 | - Notification messages containing HTML were not properly XSS sanitized before being displayed. #TINY-10286 |
|
| - | 15 | ||
| 9 | ## 5.10.7 - 2022-12-06 |
16 | ## 5.10.7 - 2022-12-06 |
| 10 | 17 | ||
| 11 | ### Fixed |
18 | ### Fixed |
| 12 | - HTML in messages for the `WindowManager.alert` and `WindowManager.confirm` APIs were not properly sanitized. #TINY-3548 |
19 | - HTML in messages for the `WindowManager.alert` and `WindowManager.confirm` APIs were not properly sanitized. #TINY-3548 |
| 13 | 20 | ||