• Refactored codebase for clarity: extracted the public type declarations into types.ts
• Decomposed the three largest sanitizer functions into focused helpers
• Removed duplicated defaults and dead branches, consolidated SAFE_FOR_TEMPLATES scrubbing into single shared path
• Improved per-node performance by hoisting the mXSS probe regexes and testing textContent before innerHTML
• Added a deterministic micro-benchmark harness (npm run bench) with a --compare mode
• Reduced CI cost by running the full three-engine browser suite once per PR
• Refreshed the demos/ folder so every demo runs again, and added a SVG-via-<img> demo
• Documented the bench and test:happydom scripts in the README
• Completed the Attack Classes & Bypass History wiki page
• Bumped several dependencies where possible

• Further improved the handling of Trusted Types config options, thanks @offset
• Further improved the handling of IN_PLACE sanitization, thanks @mozfreddyb
• Added more test coverage for IN_PLACE and Trusted Types related usage
• Bumped several dependencies where possible
• Updated README and wiki with more accurate documentation & attack samples

• Cleaned up the repository root, renamed some and removed unneeded files
• Fixed an issue with handling of Trusted Types policies, thanks @fulstadev
• Fixed the node iterator for better template scrubbing, thanks @IamLeandrooooo
• Included formerly missing LICENSE-MPL in published npm package, thanks @asamuzaK
• Bumped several dependencies where possible

• Hardened the handling of Shadow Roots when using IN_PLACE, thanks @GameZoneHacker
• Removed a problem leading to permanent hook pollution, thanks @offset
• Refactored the test suite and expanded test coverage significantly

• Fixed several issues with DOM Clobbering in IN_PLACE mode, thanks @offset & @Bankde
• Hardened the checks for cross-realm IN_PLACE and Shadow DOM sanitization, thanks @offset & @Bankde
• Added more test coverage for IN_PLACE and general DOM Clobbering attacks
• Bumped several dependencies where possible

• Fixed a bypass caused by the new HTML element selectedcontent added in 3.4.4, thanks @KabirAcharya

Note that this is a security release for an issue introduced in 3.4.4 and should be upgraded to immediately.

• Added the selectedcontent element to default allow-list, thanks @lukewarlow
• Added the command and commandfor attributes to default allowed-list, thanks @lukewarlow
• Added better template scrubbing for IN_PLACE operations, thanks @DEMON1A
• Added stronger checks for cross-realm windows, thanks @DEMON1A & @fg0x0
• Updated demo website and made sure it uses the latest from main
• Updated existing workflows, fuzzer, dependabot, etc., added more tests
• Bumped several dependencies where possible

🚨 This release had been flagged as deprecated, please use DOMPurify 3.4.5 instead 🚨

• Fixed an issue with handling of nested Shadow DOM trees, thanks @fishjojo1
• Fixed the template regexes to be more robust against ReDoS attacks, thanks @aleung27
• Updated the node iteration code to catch more Shadow DOM related issues
• Updated Playwright and added Node 26 to test matrix
• Updated existing workflows, fuzzer, release signing, etc., added more tests
• Bumped several dependencies where possible

• Fixed an issue with URI validation on attributes allowed via ADD_ATTR callback, thanks @nelstrom
• Fixed an issue with source maps referring to non-existing files, thanks @cmdcolin
• Updated existing workflows, fuzzer, release signing, etc., added more tests
• Bumped several dependencies where possible

• Fixed an issue with on-handler stripping for HTML-spec-reserved custom element names (font-face, color-profile, missing-glyph, font-face-src, font-face-uri, font-face-format, font-face-name) under permissive CUSTOM_ELEMENT_HANDLING
• Fixed a case-sensitivity gap in the annotation-xml check that allowed mixed-case variants to bypass the basic-custom-element exclusion in XHTML mode
• Fixed SANITIZE_NAMED_PROPS repeatedly prefixing already-prefixed id and name values on subsequent sanitization
• Fixed the IN_PLACE root-node check to explicitly guard against non-string nodeName (DOM-clobbering robustness)
• Removed a duplicate slot entry from the default HTML attribute allow-list
• Strengthened the fast-check fuzz harness with explicit XSS invariants, an expanded seed-payload corpus, an additional idempotence property for SANITIZE_NAMED_PROPS, and a negative-control assertion ensuring the invariants actually fire
• Added regression and pinning tests covering the above fixes and two accepted-behavior contracts (SAFE_FOR_TEMPLATES greedy scrub, hook-added attribute handling)
• Extended CodeQL analysis to run on 3.x and 2.x maintenance branches