DOC-2456: Docs 6 - Update DOMPurify version in security guide (#3353)
* DOC-2456: Update DOMPurify version in security guide

* Expand DOMPurify section to explain version change from DOMPurify 2.x to 3.x in TinyMCE 6.8.0
FarzadHayat authored Jun 19, 2024
1 parent 0475b29 commit 96d3dd5
Showing 1 changed file with 4 additions and 4 deletions.
Expand Up @@ -5,18 +5,18 @@ Previously, before HTML content was passed to {productname} 5.x, it was parsed u

The `SaxParser` API was developed in the then-absence of alternatives.

When this APIs validate setting was enabled — `validate: true` — `SaxParser` removed elements and attributes that did not fit the declared schema.
When this API's validate setting was enabled — `validate: true` — `SaxParser` removed elements and attributes that did not fit the declared schema.

And, over its lifetime, `SaxParser` was extended. For example, as of {productname} 5.9, the `SaxParser` API marked attributes with certain names or IDs as unsafe, because some names or IDs can cause the host browser to overwrite existing properties or functions.

For {productname} 6.0, however, this basic parser was removed and replaced with two significantly more thorough alternatives:
Since {productname} 6.0, this basic parser was removed and replaced with two significantly more thorough alternatives:

. the https://developer.mozilla.org/en-US/docs/Web/API/DOMParser[native browser API], `DOMParser()`; and
. the Free and Open Source _https://github.com/cure53/DOMPurify[XSS sanitizer for HTML, MathML and SVG]_, DOMPurify.

NOTE: {productname} uses DOMPurify 2.x, which was current at the time version 6 was developed.
NOTE: {productname} uses DOMPurify 2.x up to {productname} 6.7.3. This was updated to DOMPurify 3.x in {productname} 6.8, which was current at the time {productname} {productmajorversion} was developed.

Before HTML (or XML) content is passed to {productname} 6.x, the `DOMParser` API parses the HTML (or XML) string into a https://developer.mozilla.org/en-US/docs/Web/API/Document_Object_Model[DOM object]. As part of this process, `DOMParser` attempts to correct malformed HTML.
Before HTML (or XML) content is passed to {productname} {productmajorversion}, the `DOMParser` API parses the HTML (or XML) string into a https://developer.mozilla.org/en-US/docs/Web/API/Document_Object_Model[DOM object]. As part of this process, `DOMParser` attempts to correct malformed HTML.

For example, the following string:
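Review bot: the rewritten NOTE (new line "NOTE: {productname} uses DOMPurify 2.x up to {productname} 6.7.3. This was updated to DOMPurify 3.x in {productname} 6.8, which was current at the time ...") leaves the antecedent of "which" ambiguous; as written it can be read as saying that {productname} 6.8, rather than DOMPurify 3.x, was current when {productmajorversion} was developed. Suggest something like "Up to {productname} 6.7.3, {productname} used DOMPurify 2.x. From {productname} 6.8 onward it uses DOMPurify 3.x, which was the current DOMPurify release when {productname} {productmajorversion} was developed." Since a sanitizer major-version bump is the security-relevant fact here, consider also linking the DOMPurify release notes from the note so readers can check for behavioural changes themselves. Minor: the new sentence "Since {productname} 6.0, this basic parser was removed and replaced ..." mixes "since" with a simple past verb; "In {productname} 6.0, this basic parser was removed and replaced ..." or "As of {productname} 6.0, this basic parser has been replaced ..." reads more naturally.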
