mixmark-io · martincizek · Apr 8, 2024 · Apr 6, 2024
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -4,7 +4,6 @@ on:
  push:
  branches: [main]
  pull_request:
- branches: [main]
  workflow_dispatch:
 
 jobs:

diff --git a/SECURITY.md b/SECURITY.md
@@ -15,7 +15,7 @@ Turndown input is
 
 When a string input is passed, the DOM parser is picked as follows.
 * For web browser usage, the corresponding native web parser is used, which is typically `DOMImplementation`.
-* For standalone usage, [domino](https://github.com/fgnass/domino) parser is used.
+* For standalone usage, custom [domino](https://github.com/mixmark-io/domino) parser is used.
 
 Please note that a malicious string input can cause undesired effects within the DOM parser
 even before Turndown code starts processing the document itself.
@@ -27,8 +27,8 @@ better suits your security needs.
 
 In particular, Turndown version 6 and below used [jsdom](https://github.com/jsdom/jsdom) as the
 standalone DOM parser. As `jsdom` is a fully featured DOM parser with script execution support,
-it imposes an inherent security risk. We recommend upgrading to version 7, which uses
-[domino](https://github.com/fgnass/domino) that doesn't even support executing scripts nor
+it imposes an inherent security risk. We recommend upgrading to version 7, which uses custom
+[domino](https://github.com/mixmark-io/domino) that doesn't even support executing scripts nor
 downloading external resources.
 
 ## Reporting a Vulnerability

diff --git a/config/rollup.config.js b/config/rollup.config.js
@@ -6,7 +6,7 @@ export default function (config) {
  return {
  input: 'src/turndown.js',
  output: config.output,
- external: ['domino'],
+ external: ['@mixmark-io/domino'],
  plugins: [
  commonjs(),
  replace({ 'process.browser': JSON.stringify(!!config.browser), preventAssignment: true }),

diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -7,13 +7,13 @@
  "module": "lib/turndown.es.js",
  "jsnext:main": "lib/turndown.es.js",
  "browser": {
- "domino": false,
+ "@mixmark-io/domino": false,
  "./lib/turndown.cjs.js": "./lib/turndown.browser.cjs.js",
  "./lib/turndown.es.js": "./lib/turndown.browser.es.js",
  "./lib/turndown.umd.js": "./lib/turndown.browser.umd.js"
  },
  "dependencies": {
- "domino": "^2.1.6"
+ "@mixmark-io/domino": "^2.2.0"
  },
  "devDependencies": {
  "@rollup/plugin-commonjs": "^19.0.0",

diff --git a/src/html-parser.js b/src/html-parser.js
@@ -47,7 +47,7 @@ function createHTMLParser () {
  }
  }
  } else {
- var domino = require('domino')
+ var domino = require('@mixmark-io/domino')
  Parser.prototype.parseFromString = function (string) {
  return domino.createDocument(string)
  }