選択できるのは25トピックまでです。 トピックは、先頭が英数字で、英数字とダッシュ('-')を使用した35文字以内のものにしてください。

CHANGELOG.md 22KB

Changelog

All notable changes to this project will be documented in this file.

This project adheres to Semantic Versioning.

0.8.10

Fixed

  • dom: prevent iteration over deleted items #514/ #499

Thank you, @qtow, for your contributions

0.8.9

Fixed

  • Set nodeName property in ProcessingInstruction #509 / #505

Thank you, @cjbarth, for your contributions

0.8.8

Fixed

  • extend list of HTML entities #489

Thank you, @zorkow, for your contributions

0.8.7

Fixed

  • properly parse closing where the last attribute has no value #485 / #486

Thank you, @bulandent, for your contributions

0.7.10

Fixed

  • properly parse closing where the last attribute has no value #485 / #486

Thank you, @bulandent, for your contributions

0.8.6

Fixed

  • Properly check nodes before replacement #457 / #455 / #456

Thank you, @edemaine, @pedro-l9, for your contributions

0.8.5

Fixed

  • fix: Restore ES5 compatibility #452 / #453

Thank you, @fengxinming, for your contributions

0.8.4

Fixed

  • Security: Prevent inserting DOM nodes when they are not well-formed CVE-2022-39353 In case such a DOM would be created, the part that is not well-formed will be transformed into text nodes, in which xml specific characters like < and > are encoded accordingly. In the upcoming version 0.9.0 those text nodes will no longer be added and an error will be thrown instead. This change can break your code, if you relied on this behavior, e.g. multiple root elements in the past. We consider it more important to align with the specs that we want to be aligned with, considering the potential security issues that might derive from people not being aware of the difference in behavior. Related Spec: https://dom.spec.whatwg.org/#concept-node-ensure-pre-insertion-validity

Thank you, @frumioj, @cjbarth, @markgollnick for your contributions

0.8.3

Fixed

  • Avoid iterating over prototype properties #437 / #436

Thank you, @Supraja9726 for your contributions

0.8.2

Fixed

  • fix(dom): Serialize &gt; as specified (#395) #58

Other

  • docs: Add nodeType values to public interface description #396
  • test: Add executable examples for node and typescript #317
  • fix(dom): Serialize &gt; as specified #395
  • chore: Add minimal Object.assign ponyfill #379
  • docs: Refine release documentation #378
  • chore: update various dev dependencies

Thank you @niklasl, @cburatto, @SheetJSDev, @pyrsmk for your contributions

0.8.1

Fixes

  • Only use own properties in entityMap #374

Docs

  • Add security policy #365
  • changelog: Correct contributor name and link #366
  • Describe release/publish steps #358, #376
  • Add snyk package health badge #360

0.8.0

Fixed

  • Normalize all line endings according to XML specs 1.0 and 1.1 \ BREAKING CHANGE: Certain combination of line break characters are normalized to a single \n before parsing takes place and will no longer be preserved.
  • XMLSerializer: Preserve whitespace character references #284 / #310 \ BREAKING CHANGE: If you relied on the not spec compliant preservation of literal \t, \n or \r in attribute values. To preserve those you will have to create XML that instead contains the correct numerical (or hexadecimal) equivalent (e.g. &#x9;, &#xA;, &#xD;).
  • Drop deprecated exports DOMImplementation and XMLSerializer from lib/dom-parser.js #53 / #309 BREAKING CHANGE: Use the one provided by the main package export.
  • dom: Remove all links as part of removeChild #343 / #355

Chore

  • ci: Restore latest tested node version to 16.x #325
  • ci: Split test and lint steps into jobs #111 / #304
  • Pinned and updated devDependencies

Thank you @marrus-sh, @victorandree, @mdierolf, @tsabbay, @fatihpense for your contributions

0.7.5

Commits

Fixes:

0.7.4

Commits

Fixes:

  • Restore ability to parse __prototype__ attributes #315 Thank you, @dsimpsonOMF

0.7.3

Commits

Fixes:

  • Add doctype when parsing from string #277 / #301
  • Correct typo in error message #294 Thank you, @rrthomas

Refactor:

  • Improve exports & require statements, new main package entry #233

Docs:

  • Fix Stryker badge #298
  • Fix link to help-wanted issues #299

Chore:

  • Execute stryker:dry-run on branches #302
  • Fix stryker config #300
  • Split test and lint scripts #297
  • Switch to stryker dashboard owned by org #292

0.7.2

Commits

Fixes:

  • Types: Add index.d.ts to packaged files #288 Thank you, @forty

0.7.1

Commits

Fixes:

  • Types: Copy types from DefinitelyTyped #283 Thank you, @kachkaev

Chore:

  • package.json: remove author, maintainers, etc. #279

0.7.0

Commits

Due to #271 this version was published as

  • unscoped xmldom package to github (git tags 0.7.0 and 0.7.0+unscoped)
  • scoped @xmldom/xmldom package to npm (git tag 0.7.0+scoped) For more details look at #278

Fixes:

  • Security: Misinterpretation of malicious XML input CVE-2021-32796
  • Implement Document.getElementsByClassName as specified #213, thank you, @ChALkeR
  • Inherit namespace prefix from parent when required #268
  • Handle whitespace in closing tags #267
  • Update DOMImplementation according to recent specs #210
    BREAKING CHANGE: Only if you “passed features to be marked as available as a constructor arguments” and expected it to “magically work”.
  • No longer serializes any namespaces with an empty URI #244
    (related to #168 released in 0.6.0)
    BREAKING CHANGE: Only if you rely on “unsetting” a namespace prefix by setting it to an empty string
  • Set localName as part of Document.createElement #229, thank you, @rrthomas

CI

  • We are now additionally running tests against node v16
  • Stryker tests on the master branch now run against node v14

Docs

  • Describe relations with and between specs: #211, #247

0.6.0

Commits

Fixes

  • Stop serializing empty namespace values like xmlns:ds="" #168
    BREAKING CHANGE: If your code expected empty namespaces attributes to be serialized.
    Thank you, @pdecat and @FranckDepoortere
  • Escape < to &lt; when serializing attribute values #198 / #199

0.5.0

Commits

Fixes

  • Avoid misinterpretation of malicious XML input - GHSA-h6q6-9hqw-rwfv (CVE-2021-21366)

    • Improve error reporting; throw on duplicate attribute\ BREAKING CHANGE: It is currently not clear how to consistently deal with duplicate attributes, so it’s also safer for our users to fail when detecting them. It’s possible to configure the DOMParser.errorHandler before parsing, to handle those errors differently.

    To accomplish this and also be able to verify it in tests I needed to

    • create a new Error type ParseError and export it
    • Throw ParseError from errorHandler.fatalError and prevent those from being caught in XMLReader.
    • export DOMHandler constructor as __DOMHandler
    • Preserve quotes in DOCTYPE declaration Since the only purpose of parsing the DOCTYPE is to be able to restore it when serializing, we decided that it would be best to leave the parsed publicId and systemId as is, including any quotes. BREAKING CHANGE: If somebody relies on the actual unquoted values of those ids, they will need to take care of either single or double quotes and the right escaping. (Without this change this would not have been possible because the SAX parser already dropped the information about the quotes that have been used in the source.)

    https://www.w3.org/TR/2006/REC-xml11-20060816/#dtd https://www.w3.org/TR/2006/REC-xml11-20060816/#IDAX1KS (External Entity Declaration)

  • Fix breaking preprocessors’ directives when parsing attributes #171

  • fix(dom): Escape ]]&gt; when serializing CharData #181

  • Switch to (only) MIT license (drop problematic LGPL license option) #178

  • Export DOMException; remove custom assertions; etc. #174

Docs

  • Update MDN links in readme.md #188

0.4.0

Commits

Fixes

  • BREAKING Restore &nbsp; behavior from v0.1.27 #67
  • BREAKING Typecheck source param before parsing #113
  • Include documents in package files list #156
  • Preserve doctype with sysid #144
  • Remove ES6 syntax from getElementsByClassName #91
  • Revert “Add lowercase of åäö in entityMap” due to duplicate entries #84
  • fix: Convert all line separators to LF #66

Docs

  • Update CHANGELOG.md through version 0.3.0 #63
  • Update badges #78
  • Add .editorconfig file #104
  • Add note about import #79
  • Modernize & improve the example in readme.md #81

CI

  • Add Stryker Mutator #70
  • Add Stryker action to update dashboard #77
  • Add Node GitHub action workflow #64
  • add & enable eslint #106
  • Use eslint-plugin-es5 to enforce ES5 syntax #107
  • Recover vows tests, drop proof tests #59
  • Add jest tessuite and first tests #114
  • Add jest testsuite with xmltest cases #112
  • Configure Renovate #108
  • Test European HTML entities #86
  • Updated devDependencies

Other

  • Remove files that are not of any use #131, #65, #33

0.3.0

Commits

0.2.1

Commits

  • Correct homepage, repository and bugs URLs in package.json.

0.2.0

Commits

0.1.31

Commits

The patch versions (v0.1.29 - v0.1.31) that have been released on the v0.1.x branch, to reflect the changed maintainers, are branched off from v0.1.27 so they don’t include the breaking changes introduced in xmldom-alpha@v0.1.28:

Maintainer changes

After the last commit to the original repository https://github.com/jindw/xmldom on the 9th of May 2017, the first commit to https://github.com/xmldom/xmldom is from the 19th of December 2019. The fork has been announced in the original repository on the 2nd of March 2020.

The versions listed below have been published to one or both of the following packages:

It is currently not planned to continue publishing the xmldom-alpha package.

The new maintainers did not invest time to understand changes that led to the last xmldom version 0.1.27 published by the original maintainer, but consider it the basis for their work. A timeline of all the changes that happened from that version until 0.3.0 is available in https://github.com/xmldom/xmldom/issues/62. Any related questions should be asked there.

0.1.28

Commits

Published by @jindw on the 9th of May 2017 as

0.1.27

Published by @jindw on the 28th of Nov 2016 as

  • xmldom@0.1.27
  • xmldom-alpha@0.1.27

  • Various bug fixes.

0.1.26

Published on the 18th of Nov 2016 as xmldom@0.1.26

  • Details unknown

0.1.25

Published on the 18th of Nov 2016 as

  • xmldom@0.1.25

  • Details unknown

0.1.24

Published on the 27th of November 2016 as

  • xmldom@0.1.24
  • xmldom-alpha@0.1.24

  • Added node filter.

0.1.23

Published on the 5th of May 2016 as

  • xmldom-alpha@0.1.23

  • Add namespace support for nest node serialize.

  • Various other bug fixes.

0.1.22

  • Merge XMLNS serialization.
  • Remove \r from source string.
  • Print namespaces for child elements.
  • Switch references to nodeType to use named constants.
  • Add nodelist toString support.

0.1.21

  • Fix serialize bug.

0.1.20

  • Optimize invalid XML support.
  • Add toString sorter for attributes output.
  • Add html self closed node button.
  • Add * NS support for getElementsByTagNameNS.
  • Convert attribute’s value to string in setAttributeNS.
  • Add support for HTML entities for HTML docs only.
  • Fix TypeError when Document is created with DocumentType.

0.1.19

0.1.18

  • Add default ns support.
  • parseFromString now renders entirely plain text documents as textNode.
  • Enable option to ignore white space on parsing.

0.1.17

Details missing for this and potential earlier version

0.1.16

  • Correctly handle multibyte Unicode greater than two byts. #57. #56.
  • Initial unit testing and test coverage. #53. #46. #19.
  • Create Bower component.json #52.

0.1.8

  • Add: some test case from node-o3-xml(excludes xpath support)
  • Fix: remove existed attribute before setting (bug introduced in v0.1.5)
  • Fix: index direct access for childNodes and any NodeList collection(not w3c standard)
  • Fix: remove last child bug