bjarkler a731eba804 fix: Make XML parsing secure (#4598) ...

Harden the XmlUtils.parseXmlString function against XML documents that embed elements from the HTML or SVG namespaces, which could trigger script execution and cause XSS vulnerabilities.

Also migrate direct users of the DOMParser.parseFromString function to XmlUtils, and add appropriate unit tests.

2022-10-24 05:34:02 -07:00

..

abr

feat: Automatic ABR quality restrictions based on screen size (#4515)

2022-09-28 08:19:09 +02:00

ads

feat: Parse ID3 metadata (#4409)

2022-10-11 09:29:53 -07:00

cast

fix: Respect existing app usage of Cast SDK (#4523)

2022-10-04 12:05:19 -07:00

cea

fix: check for negative rows before moving (#4510)

2022-09-27 18:16:58 +02:00

config

feat: New autoShowText config to change initial text visibility behavior (#3421)

2022-09-21 10:53:52 -07:00

dash

fix: Fix segment index assertions with DAI (#4348)

2022-07-14 16:34:23 -07:00

debug

…

dependencies

fix: Allow muxjs to be loaded after Shaka

2021-05-14 10:00:59 -07:00

deprecate

…

hls

fix(HLS): Fix lazy-loading of TS content (#4601)

2022-10-20 03:05:14 -07:00

lcevc

feat: LCEVC Integration (#4050)

2022-10-03 11:32:27 -07:00

media

fix: Make XML parsing secure (#4598)

2022-10-24 05:34:02 -07:00

net

feat(hls): Support AES-128 in HLS (#4386)

2022-08-12 10:50:32 -07:00

offline

fix(offline): Add storage muxer init timeout (#4566)

2022-10-13 15:35:55 -07:00

polyfill

fix: Resolve load failures for TS-based content on Android-based Cast devices (#4569). (#4570)

2022-10-14 15:16:12 -07:00

routing

cleanup: Fix nullability declarations

2021-06-22 21:03:20 +00:00

text

fix: Make XML parsing secure (#4598)

2022-10-24 05:34:02 -07:00

util

fix: Make XML parsing secure (#4598)

2022-10-24 05:34:02 -07:00

player.js

feat: Improved LCEVC integration (#4560)

2022-10-20 19:21:12 +02:00