DOMPurify Files

XSS sanitizer for HTML, MathML and SVG

This is an exact mirror of the DOMPurify project, hosted at https://github.com/cure53/DOMPurify. SourceForge is not affiliated with DOMPurify.

The interactive file manager requires Javascript. Please enable it or use sftp or scp.
You may still browse the files here.

Name	Modified	Size	InfoDownloads / Week
Parent folder
DOMPurify 3.4.0 source code.tar.gz	2026-04-14	419.2 kB	0
DOMPurify 3.4.0 source code.zip	2026-04-14	452.3 kB	0
README.md	2026-04-14	1.3 kB	0
Totals: 3 Items		872.9 kB	0

Most relevant changes:

Fixed a problem with FORBID_TAGS not winning over ADD_TAGS, thanks @kodareef5
Fixed several minor problems and typos regarding MathML attributes, thanks @DavidOliver
Fixed ADD_ATTR/ADD_TAGS function leaking into subsequent array-based calls, thanks @1Jesper1
Fixed a missing SAFE_FOR_TEMPLATES scrub in RETURN_DOM path, thanks @bencalif
Fixed a prototype pollution via CUSTOM_ELEMENT_HANDLING, thanks @trace37labs
Fixed an issue with ADD_TAGS function form bypassing FORBID_TAGS, thanks @eddieran
Fixed an issue with ADD_ATTR predicates skipping URI validation, thanks @christos-eth
Fixed an issue with USE_PROFILES prototype pollution, thanks @christos-eth
Fixed an issue leading to possible mXSS via Re-Contextualization, thanks @researchatfluidattacks and others
Fixed an issue with closing tags leading to possible mXSS, thanks @frevadiscor
Fixed a problem with the type dentition patcher after Node version bump
Fixed freezing BS runs by reducing the tested browsers array
Bumped several dependencies where possible
Added needed files for OpenSSF scorecard checks

Published Advisories are here: https://github.com/cure53/DOMPurify/security/advisories?state=published

Source: README.md, updated 2026-04-14

Other Useful Business Software

Forever Free Full-Stack Observability | Grafana Cloud Icon

Forever Free Full-Stack Observability | Grafana Cloud

Our generous forever free tier includes the full platform, including the AI Assistant, for 3 users with 10k metrics, 50GB logs, and 50GB traces.

Built on open standards like Prometheus and OpenTelemetry, Grafana Cloud includes Kubernetes Monitoring, Application Observability, Incident Response, plus the AI-powered Grafana Assistant. Get started with our generous free tier today.

Create free account

Our Free Plans just got better! | Auth0 Icon

Our Free Plans just got better! | Auth0

With up to 25k MAUs and unlimited Okta connections, our Free Plan lets you focus on what you do best—building great apps.

You asked, we delivered! Auth0 is excited to expand our Free and Paid plans to include more options so you can focus on building, deploying, and scaling applications without having to worry about your security. Auth0 now, thank yourself later.

Try free now

Forever Free Full-Stack Observability | Grafana Cloud

Our generous forever free tier includes the full platform, including the AI Assistant, for 3 users with 10k metrics, 50GB logs, and 50GB traces.

Built on open standards like Prometheus and OpenTelemetry, Grafana Cloud includes Kubernetes Monitoring, Application Observability, Incident Response, plus the AI-powered Grafana Assistant. Get started with our generous free tier today.

Create free account

Recommended Projects

bluemonday
Fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer
XSpear
Powerfull XSS Scanning and Parameter analysis tool&gem
jsoup
Java library for working with real-world HTML
Sanitize
Ruby HTML and CSS sanitizer
level
Universal abstract-level database for Node.js and browsers