I avoid making breaking changes as much as possible in Happy DOM. When I have to make a breaking change, I try to keep it as minimal as possible. This could be a breaking change that impacts many projects, and I am truly sorry if you are negatively affected by this.
💣 Breaking Changes
- Due to security risks, JavaScript evaluation is now disabled by default - By @capricorn86 in task #1930
- A security advisory (GHSA-37j7-fg3j-429f) has been reported that shows a security vulnerability where it's possible to escape the VM context and get access to process level functionality. Big thanks to @Mas0nShi for reporting this!
- Due to this security risk, JavaScript evaluation is now disabled by default to prevent that consumers accidentally executes untrusted code without taking precautions
- JavaScript evaluation can be enabled by setting enableJavaScriptEvaluation to "true". Read more about how to enable this in a safer way in the Wiki