Comments (13)
Just out of curiosity: What are the concerns regarding the MPL which don't arise with other copyleft licenses?
from dompurify.
What do you mean "other copyleft licenses"? As far as I know, Apache, BSD, MIT are not copyleft licenses. We would have extra requirements regardless of which copyleft license is used and MPL is likely the most permissive of all the copyleft licenses.
There was no specific concerns as far as I know. It's just easier if it was MIT or Apache which most open JS libraries are.
(I am not a lawyer)
from dompurify.
Hi all :)
It's just easier if it was MIT or Apache which most open JS libraries are.
What is "it"? What's easier? Just asking to understand the need for this possible addition.
from dompurify.
Speaking generally (not LinkedIn specific), someone using this library would typically pull down the source and minify/concenate this with other JS. We can make the minification steps smart about keeping license info but we would need to address questions around "distribution" since this JS, the only way to use this code is to distribute it, "binary vs source" since we are minifying code which MPL treats as binary and "viral-ness" of this license as most production sites would combine some proprietary JS with this library when creating a single "file" to serve.
I'm not looking for answers here. I'm sure every company would have different lawyers to interpret these issues for themselves but it's "easier" if we didn't have to answer them at all.
from dompurify.
For our company (Zimbra), Apache 1.1, 2.0 are considered free and clear for use. MPL of any sort requires review by our legal team to see how the code will be used. I think the larger difference is that the Apache License (2.0) does not require end user modifications to be shared back to a project, while MPL does in some circumstances.
http://choosealicense.com/licenses/ has a basic bullet point of differences between the two as well.
from dompurify.
Thanks @jimmyhchan and @quanah - that helped understanding the issue!
So, the best way would be to add a more tolerant license? Or would the current one have to be replaced? If it's just about adding another one, then I have absolutely no problem with that and am happy to accept a pull request of yours :)
from dompurify.
… then we need a license which allows the project to be licensed under two different licenses. ;)
from dompurify.
many projects are dual or tri-licensed... It was fairly standard for years with Mozilla for them to be MPL/GPL/Apache 2.0
from dompurify.
As mentioned, if dual-licensing is the way to go, happy to accept a PR!
from dompurify.
Thanks! I think we can close this now? I'll do a quick announcement via Twitter.
from dompurify.
Thanks!
from dompurify.
Thank you so much for accepting this. Would it be possible to push another release (0.6.6)?
from dompurify.
Yep, probably gonna happen within the next two weeks. We are planning some additional hook demos, once done, we're going 0.6.6.
from dompurify.
Related Issues (20)
- Sanitization Issue: Comments Removed Despite ADD_TAGS Configuration HOT 8
- Sanitization Issue with DomPurify HOT 3
- New release v3.1.0 (not in releases) HOT 1
- How do I use the API provided by DomPurify to verify the SVG file is it risky? HOT 1
- Sanitize returns empty string when PARSER_MEDIA_TYPE: application/xhtml+xml and void tags HOT 4
- DOMPurify and Trusted Types - Clarification to Docs HOT 9
- when using bypasssecurityTrustHtml mthod to render template HOT 3
- Exception when passing 0 or "" or null to Dompurify.Sanitize Method HOT 2
- Use lower case for bower package name HOT 1
- Uncertain how to handle 'non-standard' HTML HOT 3
- Need to block external calls, e.g. all HTTP requests HOT 7
- Why does name="name" on an input field get purified? HOT 1
- Exception when passing 0 or "" or null to Dompurify.Sanitize Method #947 HOT 3
- Latest versions of DOMPurify 2.5.x block custom SVG elements when they are set via ADD_TAGS config. HOT 6
- release 3.1.3 assets are the same as 3.1.2 HOT 1
- Number.isNaN is not supported in MSIE HOT 15
- Bower issues : DOMPurify is not defined HOT 5
- HTML and BODY tags are being regardless of `ALLOWED_TAGS` settings HOT 2
- MAX_NESTING_DEPTH remove contents issue HOT 5
- Escape unsafe characters instead of removing them HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from dompurify.