Version 3.0.0 released

This main feature of this release is fix to prevent XSS with the default commands along with dropping IE and legacy Edge support.

The editor also now includes the dompurify library to help prevent any future XSS attacks. This isn’t fully backwards compatible as dompurify may cause some HTML to be stripped. If you have any code that includes iframes, the allowed URLs will need to be added to the new allowedIframeUrls option.

The other breaking change is that the no longer supports IE and legacy Edge. The editor can still run in source mode in those browsers if the runWithoutWysiwygSupport option is enabled.

There’s also some bug fixes included in this release too.

Thanks to everyone who contributed!

Full changelog: