Patch releases of elm/html and elm/virtual-dom

novid · November 12, 2025, 8:03pm

New releases of elm/html and elm/virtual-dom packages are available with srcdoc attribute marked as deprecated and stricter checks on incoming JSON. These releases has no API changes and you can safely update your applications and libraries.

lydell · November 12, 2025, 8:29pm

Context for elm/html: Iframe's srcDoc allow arbitrary scripts which can result in unsafe packages published · Issue #246 · elm/html · GitHub

Context for elm/virtual-dom: elm/virtual-dom javascript: URL vulnerability · GitHub

system · November 22, 2025, 8:30pm

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Security patch in elm/virtual-dom v1.0.3 Show and Tell	4	888	June 7, 2022
Broken links in Html docs Request Feedback	1	527	February 6, 2020
Blog: Implementing VDOM in Elm Request Feedback	7	1865	March 15, 2018
How to inject html content inside the Elm 0.19 app Learn	6	1722	March 8, 2020
Elm-greenwood.com: Web & RSS feeds for Elm packages releases Show and Tell	8	1284	August 11, 2019

Patch releases of elm/html and elm/virtual-dom

Related topics