File tree Expand file tree Collapse file tree
Expand file tree Collapse file tree Original file line number Diff line number Diff line change 1+ <a name =" 3.0.3 " ></a >
2+ ## [ 3.0.3] ( https://github.com/kolkov/angular-editor/compare/v3.0.2...v3.0.3 ) (2025-01-22) - Security Hotfix
3+
4+ ### Security
5+ * ** CRITICAL:** Fixed XSS vulnerability in ` refreshView() ` method ([ #580 ] ( https://github.com/kolkov/angular-editor/issues/580 ) ) ([ 774a97d] ( https://github.com/kolkov/angular-editor/commit/774a97d ) )
6+ - XSS could bypass sanitizer when setting editor value via ngModel/formControl
7+ - Sanitization now properly applied to all innerHTML assignments
8+ - Thanks to @MarioTesoro for responsible disclosure with PoC
9+
10+ ### Bug Fixes
11+ * ** links:** Preserve relative URLs when editing existing links ([ #359 ] ( https://github.com/kolkov/angular-editor/issues/359 ) ) ([ c691d30] ( https://github.com/kolkov/angular-editor/commit/c691d30 ) )
12+ - Use ` getAttribute('href') ` instead of ` .href ` property
13+ - Prevents adding hostname to relative paths
14+ * ** debug:** Remove debug ` console.log ` statement from focus() method ([ #324 ] ( https://github.com/kolkov/angular-editor/issues/324 ) ) ([ c691d30] ( https://github.com/kolkov/angular-editor/commit/c691d30 ) )
15+
16+ ### Upgrade Recommendation
17+ ** IMMEDIATE UPGRADE RECOMMENDED** for all users. This release fixes a critical security vulnerability.
18+
19+ ---
20+
121<a name =" 3.0.2 " ></a >
222## [ 3.0.2] ( https://github.com/kolkov/angular-editor/compare/v3.0.1...v3.0.2 ) (2025-01-22)
323
Original file line number Diff line number Diff line change 11{
22 "name" : " @kolkov/angular-editor" ,
3- "version" : " 3.0.2 " ,
3+ "version" : " 3.0.3 " ,
44 "description" : " A simple native WYSIWYG editor for Angular 20+. Rich Text editor component for Angular." ,
55 "author" : " Andrey Kolkov <a.kolkov@gmail.com>" ,
66 "repository" : " https://github.com/kolkov/angular-editor" ,
You can’t perform that action at this time.
0 commit comments