Sourced from sanitize-html's changelog.

2.17.0 (2025-05-14)

• Add preserveEscapedAttributes, allowing attributes on escaped disallowed tags to be retained. Thanks to Ben Elliot for this new option.

2.16.0 (2025-04-16)

• Add onOpenTag and onCloseTag events to enable advanced filtering to hook into the parser. Thanks to Rimvydas Naktinis.

2.15.0 (2025-03-19)

• Allow keeping tag content when discarding with exclusive filter by returning "excludeTag". Thanks to rChaoz.

• 86efc06 Merge pull request #705 from apostrophecms/release-2.17.0
• c487e77 release 2.17.0
• da16903 Merge pull request #704 from apostrophecms/add-thanks-to-changelog
• 0e5d881 Update CHANGELOG
• 614e7df Merge pull request #668 from benelliott/feature/preserve-escaped-attributes-2
• 8628cea Update README.md
• f07ce9d README.md: Add warning on usage of preserveEscapedAttributes
• 27de3a8 Add test demonstrating that preserveEscapedAttributes doesn't affect behaviou...
• 3d2893e Add documentation for preserveEscapedAttributes option
• ae1dc35 Add preserveEscapedAttributes option to allow attributes on escaped disallo...
• Additional commits viewable in compare view

• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)