- Fixed another mXSS variation affecting Chrome, Safari and Edge relating to HTML templates
- Fixed a bug in the config parser leading to unexpected results
Credits for the bypass again go to Michał Bentkowski (@securityMB) of Securitum who spotted the bug in Chrome, turned it into another DOMPurify bypass, reported and helped verifying the fix 🙇♂️ 🙇♀️