Changelog
All notable changes to this project will be documented in this file.
This project adheres to Semantic Versioning.
Added
- Implementation of
hasAttributes #804
Fixed
- locator is now true even when other options are being used for the DOMParser
#802 / #803
- allow case-insensitive DOCTYPE in HTML
#817 / #819
- simplify
DOM.compareDocumentPosition #805
Chore
Thank you,
@zorkow,
@Ponynjaa,
@WesselKroos,
for your contributions.
Fixed
- lower error level for unicode replacement character
#790 / #794 / #797
Chore
- updated devDependencies
- migrate renovate config
#792
Thank you, @eglitise, for your contributions.
Fixed
- fix: re-index childNodes on insertBefore
#763 / #766
Thank you,
@mureinik,
for your contributions.
Fixed
- restore performance for large amount of child nodes
#748 / #760
- types: correct error handler level to
warning (#759) #754 / #759
Docs
- test: verify BOM handling
#758
Thank you,
@luffynando,
@mattiasw,
@JoinerDev,
for your contributions.
Fixed
- restore more
Node and ProcessingInstruction types #725 / #726
getElements* methods return LiveNodeList<Element> #731 / #734- Add more missing
Node props #728, triggered by unclosed #724
Docs
Chore
Thank you,
@Ponynjaa,
@ayZagen,
@sserdyuk,
@wydengyre,
@mykola-mokhnach,
@benkroeger,
for your contributions.
Changelog
All notable changes to this project will be documented in this file.
This project adheres to Semantic Versioning.
Feature
- add
Element.getElementsByClassName #722
Fixed
- add missing types for
Document.documentElement and Element.tagName #721 #720
Thank you, @censujiang, @Mathias-S, for your contributions
Fixed
- DOMParser.parseFromString requires mimeType as second argument
#713
- correct spelling of
isHTMLMimeType in type definition #715 / #712
- sync types with exports
#717 / #285 / #695
Other
- minimum tested node version is 14
#710
Thank you, @krystofwoldrich, @marvinruder, @amacneil, @defunctzombie,
@tjhorner, @danon, for your contributions
Features
- feat: expose all DOM level 2 element prototypes
#637 / #40
- feat: add iterator function to NodeList and NamedNodeMap
#634 / #633
Fixed
- parse empty/whitspace only doctype internal subset
#692
- avoid prototype clash in namespace prefix
#554
- report fatalError when doctype is inside elements
#550
Other
- test: add fuzz target and regression tests
#556
- chore: improve .gitignore and provide .envrc.template
#697
- chore: Apply security best practices
#546
- ci: check test coverage in PRs
#524
- docs: add missing commas to readme
#566
- docs: click to copy install command in readme
#644
- docs: enhance jsdoc comments
#511
Thank you, @kboshold, @edi9999, @apupier,
@shunkica, @homer0, @jhauga,
@UdayKharatmol, for your contributions
Fixed
- report more non well-formed cases
#519 / #45 / #125 / #467
BREAKING-CHANGE: Reports more not well-formed documents as fatalError
and drop broken support for optional and unclosed tags in HTML.
Other
- Translate/drop non English comments
#518
- use node v16 for development
#517
Thank you, @brodybits, @cbettinger, @josecarlosrx, for your contributions
Fixed
- dom: prevent iteration over deleted items
#514/ #499
Chore
- use prettier plugin for jsdoc
#513
Thank you, @qtow, @shunkica, @homer0, for your contributions
Fixed
- dom: prevent iteration over deleted items
#514/ #499
Thank you, @qtow, for your contributions
Fixed
- dom: prevent iteration over deleted items
#514/ #499
Thank you, @qtow, for your contributions
Fixed
- Set nodeName property in ProcessingInstruction
#509 / #505
- preserve DOCTYPE internal subset
#498 / #497 / #117\
BREAKING CHANGES: Many documents that were previously accepted by xmldom, esecially non well-formed ones are no longer accepted. Some issues that were formerly reported as errors are now a fatalError.
- DOMParser: Align parseFromString errors with specs
#454
Chore
- stop running mutation tests using stryker
#496
- make
toErrorSnapshot windows compatible #503
Thank you, @cjbarth, @shunkica, @pmahend1, @niklasl, for your contributions
Fixed
- Set nodeName property in ProcessingInstruction
#509 / #505
Thank you, @cjbarth, for your contributions
Fixed
- Set nodeName property in ProcessingInstruction
#509 / #505
Thank you, @cjbarth, for your contributions
Fixed
- Throw DOMException when calling removeChild with invalid parameter
#494 / #135
BREAKING CHANGE: Previously it was possible (but not documented) to call Node.removeChild with any node in the tree,
and with certain exceptions, it would work. This is no longer the case: calling Node.removeChild with an argument that is not a direct child of the node that it is called from, will throw a NotFoundError DOMException, as it is described by the specs.
Thank you, @noseworthy, @davidmc24, for your contributions
Feature
- Add
compareDocumentPosition method from level 3 spec. #488
Fixed
getAttribute and getAttributeNS should return null (#477) #46- several issues in NamedNodeMap and Element (#482)
#46
- properly parse closing where the last attribute has no value
#485 / #486
- extend list of HTML entities
#489
BREAKING CHANGE: Iteration over attributes now happens in the right order and non-existing attributes now return null instead of undefined. THe same is true for the namepsaceURI and prefix of Attr nodes.
All of the changes are fixing misalignment with the DOM specs, so if you expected it to work as specified,
nothing should break for you.
Chore
- update multiple devDependencies
- Configure jest (correctly) and wallaby
#481 / #483
Thank you, @bulandent, @zorkow, for your contributions
Fixed
- extend list of HTML entities
#489
Thank you, @zorkow, for your contributions
Fixed
- extend list of HTML entities
#489
Thank you, @zorkow, for your contributions
Fixed
- properly parse closing where the last attribute has no value
#485 / #486
Thank you, @bulandent, for your contributions
Fixed
- properly parse closing where the last attribute has no value
#485 / #486
Thank you, @bulandent, for your contributions
Fixed
Thank you, @edemaine, @pedro-l9, for your contributions
Fixed
Thank you, @edemaine, @pedro-l9, for your contributions
Fixed
Thank you, @edemaine, @pedro-l9, for your contributions
Fixed
- fix: Restore ES5 compatibility
#452 / #453
Thank you, @fengxinming, for your contributions
Fixed
- fix: Restore ES5 compatibility
#452 / #453
Thank you, @fengxinming, for your contributions
Fixed
- fix: Restore ES5 compatibility
#452 / #453
Thank you, @fengxinming, for your contributions
Fixed
- Security: Prevent inserting DOM nodes when they are not well-formed
CVE-2022-39353
In case such a DOM would be created, the part that is not well-formed will be transformed into text nodes, in which xml specific characters like < and > are encoded accordingly.
In the upcoming version 0.9.0 those text nodes will no longer be added and an error will be thrown instead.
This change can break your code, if you relied on this behavior, e.g. multiple root elements in the past. We consider it more important to align with the specs that we want to be aligned with, considering the potential security issues that might derive from people not being aware of the difference in behavior.
Related Spec: https://dom.spec.whatwg.org/#concept-node-ensure-pre-insertion-validity
Chore
- update multiple devDependencies
- Add eslint-plugin-node for
lib #448 / #190
- style: Apply prettier to all code
#447 / #29 / #130
Thank you, @XhmikosR, @awwright, @frumioj, @cjbarth, @markgollnick for your contributions
Fixed
- Security: Prevent inserting DOM nodes when they are not well-formed
CVE-2022-39353
In case such a DOM would be created, the part that is not well-formed will be transformed into text nodes, in which xml specific characters like < and > are encoded accordingly.
In the upcoming version 0.9.0 those text nodes will no longer be added and an error will be thrown instead.
This change can break your code, if you relied on this behavior, e.g. multiple root elements in the past. We consider it more important to align with the specs that we want to be aligned with, considering the potential security issues that might derive from people not being aware of the difference in behavior.
Related Spec: https://dom.spec.whatwg.org/#concept-node-ensure-pre-insertion-validity
Thank you, @frumioj, @cjbarth, @markgollnick for your contributions
Fixed
- Security: Prevent inserting DOM nodes when they are not well-formed
CVE-2022-39353
In case such a DOM would be created, the part that is not well-formed will be transformed into text nodes, in which xml specific characters like < and > are encoded accordingly.
In the upcoming version 0.9.0 those text nodes will no longer be added and an error will be thrown instead.
This change can break your code, if you relied on this behavior, e.g. multiple root elements in the past. We consider it more important to align with the specs that we want to be aligned with, considering the potential security issues that might derive from people not being aware of the difference in behavior.
Related Spec: https://dom.spec.whatwg.org/#concept-node-ensure-pre-insertion-validity
Thank you, @frumioj, @cjbarth, @markgollnick for your contributions
Fixed
- fix: Stop adding tags after incomplete closing tag
#445 / #416
BREAKING CHANGE: It no longer reports an error when parsing HTML containing incomplete closing tags, to align the behavior with the one in the browser.
BREAKING CHANGE: If your code relied on not well-formed XML to be parsed and include subsequent tags, this will no longer work.
- fix: Avoid bidirectional characters in source code
#440
Other
Thank you, @ACN-kck, @mgerlach for your contributions
Fixed
- Avoid iterating over prototype properties
#441 / #437 / #436
Thank you, @jftanner, @Supraja9726 for your contributions
Fixed
- Avoid iterating over prototype properties
#437 / #436
Thank you, @Supraja9726 for your contributions
Fixed
- Avoid iterating over prototype properties
#437 / #436
Thank you, @Supraja9726 for your contributions
Fixed
Only use HTML rules if mimeType matches #338, fixes #203
In the living specs for parsing XML and HTML, that this library is trying to implement,
there is a distinction between the different types of documents being parsed:
There are quite some rules that are different for parsing, constructing and serializing XML vs HTML documents.
So far xmldom was always "detecting" whether "the HTML rules should be applied" by looking at the current namespace. So from the first time an the HTML default namespace (http://www.w3.org/1999/xhtml) was found, every node was treated as being part of an HTML document. This misconception is the root cause for quite some reported bugs.
BREAKING CHANGE: HTML rules are no longer applied just because of the namespace, but require the mimeType argument passed to DOMParser.parseFromString(source, mimeType) to match 'text/html'. Doing so implies all rules for handling casing for tag and attribute names when parsing, creation of nodes and searching nodes.
BREAKING CHANGE: Correct the return type of DOMParser.parseFromString to Document | undefined. In case of parsing errors it was always possible that "the returned Document" has not been created. In case you are using Typescript you now need to handle those cases.
BREAKING CHANGE: The instance property DOMParser.options is no longer available, instead use the individual readonly property per option (assign, domHandler, errorHandler, normalizeLineEndings, locator, xmlns). Those also provides the default value if the option was not passed. The 'locator' option is now just a boolean (default remains true).
BREAKING CHANGE: The following methods no longer allow a (non spec compliant) boolean argument to toggle "HTML rules":
XMLSerializer.serializeToStringNode.toStringDocument.toString
The following interfaces have been implemented:
DOMImplementation now implements all methods defined in the DOM spec, but not all of the behavior is implemented (see docstring):
createDocument creates an "XML Document" (prototype: Document, property type is 'xml')createHTMLDocument creates an "HTML Document" (type/prototype: Document, property type is 'html').
- when no argument is passed or the first argument is a string, the basic nodes for an HTML structure are created, as specified
- when the first argument is
false no child nodes are created
Document now has two new readonly properties as specified in the DOM spec:
contentType which is the mime-type that was used to create the documenttype which is either the string literal 'xml' or 'html'
MIME_TYPE (/lib/conventions.js):
hasDefaultHTMLNamespace test if the provided string is one of the miem types that implies the default HTML namespace: text/html or application/xhtml+xml
Thank you @weiwu-zhang for your contributions
Chore
- update multiple devDependencies
Fixed
- fix(dom): Serialize
> as specified (#395) #58
Other
- docs: Add
nodeType values to public interface description #396
- test: Add executable examples for node and typescript
#317
- fix(dom): Serialize
> as specified #395
- chore: Add minimal
Object.assign ponyfill #379
- docs: Refine release documentation
#378
- chore: update various dev dependencies
Thank you @niklasl, @cburatto, @SheetJSDev, @pyrsmk for your contributions
Fixes
- Only use own properties in entityMap
#374
Docs
- Add security policy
#365
- changelog: Correct contributor name and link
#366
- Describe release/publish steps
#358, #376
- Add snyk package health badge
#360
Fixed
- Normalize all line endings according to XML specs 1.0 and 1.1 \
BREAKING CHANGE: Certain combination of line break characters are normalized to a single
\n before parsing takes place and will no longer be preserved.
- XMLSerializer: Preserve whitespace character references
#284 / #310 \
BREAKING CHANGE: If you relied on the not spec compliant preservation of literal \t, \n or \r in attribute values.
To preserve those you will have to create XML that instead contains the correct numerical (or hexadecimal) equivalent (e.g. 	, 
, 
).
- Drop deprecated exports
DOMImplementation and XMLSerializer from lib/dom-parser.js #53 / #309
BREAKING CHANGE: Use the one provided by the main package export.
- dom: Remove all links as part of
removeChild #343 / #355
Chore
- ci: Restore latest tested node version to 16.x
#325
- ci: Split test and lint steps into jobs
#111 / #304
- Pinned and updated devDependencies
Thank you @marrus-sh, @victorandree, @mdierolf, @tsabbay, @fatihpense for your contributions
0.7.5
Commits
Fixes:
0.7.4
Commits
Fixes:
0.7.3
Commits
Fixes:
Refactor:
- Improve exports & require statements, new main package entry
#233
Docs:
- Fix Stryker badge
#298
- Fix link to help-wanted issues
#299
Chore:
- Execute stryker:dry-run on branches
#302
- Fix stryker config
#300
- Split test and lint scripts
#297
- Switch to stryker dashboard owned by org
#292
0.7.2
Commits
Fixes:
- Types: Add index.d.ts to packaged files
#288
Thank you, @forty
0.7.1
Commits
Fixes:
Chore:
- package.json: remove author, maintainers, etc.
#279
0.7.0
Commits
Due to #271 this version was published as
- unscoped
xmldom package to github (git tags 0.7.0 and 0.7.0+unscoped)
- scoped
@xmldom/xmldom package to npm (git tag 0.7.0+scoped)
For more details look at #278
Fixes:
- Security: Misinterpretation of malicious XML input
CVE-2021-32796
- Implement
Document.getElementsByClassName as specified #213, thank you, @ChALkeR
- Inherit namespace prefix from parent when required
#268
- Handle whitespace in closing tags
#267
- Update
DOMImplementation according to recent specs #210
BREAKING CHANGE: Only if you "passed features to be marked as available as a constructor arguments" and expected it to "magically work".
- No longer serializes any namespaces with an empty URI
#244
(related to #168 released in 0.6.0)
BREAKING CHANGE: Only if you rely on "unsetting" a namespace prefix by setting it to an empty string
- Set
localName as part of Document.createElement #229, thank you, @rrthomas
CI
- We are now additionally running tests against node v16
- Stryker tests on the master branch now run against node v14
Docs
- Describe relations with and between specs:
#211, #247
0.6.0
Commits
Fixes
- Stop serializing empty namespace values like
xmlns:ds="" #168
BREAKING CHANGE: If your code expected empty namespaces attributes to be serialized.
Thank you, @pdecat and @FranckDepoortere
- Escape
< to < when serializing attribute values #198 / #199
0.5.0
Commits
Fixes
Docs
- Update MDN links in
readme.md #188
0.4.0
Commits
Fixes
- BREAKING Restore
behavior from v0.1.27 #67
- BREAKING Typecheck source param before parsing
#113
- Include documents in package files list
#156
- Preserve doctype with sysid
#144
- Remove ES6 syntax from getElementsByClassName
#91
- Revert "Add lowercase of åäö in entityMap" due to duplicate entries
#84
- fix: Convert all line separators to LF
#66
Docs
- Update CHANGELOG.md through version 0.3.0
#63
- Update badges
#78
- Add .editorconfig file
#104
- Add note about import
#79
- Modernize & improve the example in readme.md
#81
CI
- Add Stryker Mutator
#70
- Add Stryker action to update dashboard
#77
- Add Node GitHub action workflow
#64
- add & enable eslint
#106
- Use eslint-plugin-es5 to enforce ES5 syntax
#107
- Recover
vows tests, drop proof tests #59
- Add jest tessuite and first tests
#114
- Add jest testsuite with
xmltest cases #112
- Configure Renovate
#108
- Test European HTML entities
#86
- Updated devDependencies
Other
- Remove files that are not of any use
#131, #65, #33
0.3.0
Commits
0.2.1
Commits
- Correct
homepage, repository and bugs URLs in package.json.
0.2.0
Commits
0.1.31
Commits
The patch versions (v0.1.29 - v0.1.31) that have been released on the v0.1.x branch, to reflect the changed maintainers, are branched off from v0.1.27 so they don't include the breaking changes introduced in xmldom-alpha@v0.1.28:
Maintainer changes
After the last commit to the original repository https://github.com/jindw/xmldom on the 9th of May 2017, the first commit to https://github.com/xmldom/xmldom is from the 19th of December 2019. The fork has been announced in the original repository on the 2nd of March 2020.
The versions listed below have been published to one or both of the following packages:
It is currently not planned to continue publishing the xmldom-alpha package.
The new maintainers did not invest time to understand changes that led to the last xmldom version 0.1.27 published by the original maintainer, but consider it the basis for their work.
A timeline of all the changes that happened from that version until 0.3.0 is available in https://github.com/xmldom/xmldom/issues/62. Any related questions should be asked there.
0.1.28
Commits
Published by @jindw on the 9th of May 2017 as
0.1.27
Published by @jindw on the 28th of Nov 2016 as
0.1.26
Published on the 18th of Nov 2016
as `xmldom@0.1.26`
0.1.25
Published on the 18th of Nov 2016 as
0.1.24
Published on the 27th of November 2016 as
0.1.23
Published on the 5th of May 2016 as
0.1.22
- Merge XMLNS serialization.
- Remove \r from source string.
- Print namespaces for child elements.
- Switch references to nodeType to use named constants.
- Add nodelist toString support.
0.1.21
0.1.20
- Optimize invalid XML support.
- Add toString sorter for attributes output.
- Add html self closed node button.
- Add
* NS support for getElementsByTagNameNS.
- Convert attribute's value to string in setAttributeNS.
- Add support for HTML entities for HTML docs only.
- Fix TypeError when Document is created with DocumentType.
0.1.19
0.1.18
- Add default
ns support.
- parseFromString now renders entirely plain text documents as textNode.
- Enable option to ignore white space on parsing.
0.1.17
Details missing for this and potential earlier version
0.1.16
- Correctly handle multibyte Unicode greater than two byts. #57. #56.
- Initial unit testing and test coverage. #53. #46. #19.
- Create Bower
component.json #52.
0.1.8
- Add: some test case from node-o3-xml(excludes xpath support)
- Fix: remove existed attribute before setting (bug introduced in v0.1.5)
- Fix: index direct access for childNodes and any NodeList collection(not w3c standard)
- Fix: remove last child bug
xmldom
