Version 3.4.0 of DOMPurify was released today, addressing a large number of issues reported by LLMs and real people alike.

Version 3.4.0 of DOMPurify was released today, addressing a large number of issues reported by LLMs and real people alike.

Thanks to all who contributed.

Release DOMPurify 3.4.0 · cure53/DOMPurify

DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo: - Release DOMPurify 3.4.0 · cure53/DOMPurify

GitHub (github.com)

We hope everything went smoothly and that no one was overlooked in the release notes.

@bontchev @GossiTheDog Agreed. Current recommendation from our end:

Keep calm, find and fix bugs, make the world a bit safer one bug at a time...

And ignore the hype train, but keep an open eye on how real and measurable things develop. Just what we did before.

@agowa338 Cyber security is an insanely complex beast with some parts being technical, some being human, some being regulatory, etc., and well, finding bugs is one small component.

Emphasis on small.

We have not really been great at cyber security in the past, and improvements are needed all across the board. We won't be great at it tomorrow because magic.

Having one component potentially improve is, especially given how speculative the current situation is, is nothing to really worry about. Rather the contrary.

Time will tell, some processes might change, and that is likely all that will happen for a long time.

Most humans in cyber security will very likely notice very little impact for now. Can this all go sideways? Yes, of course. Is it time to say that cyber security is over? I don't think so. At all.

@yonk Other LLMs claim they existed, for example:

Unhandled Thrown Response!

(chatgpt.com)

Edit: Okay, sharing doesn't seem to work right now

@yonk Phew, okay. We saw those messages in June 2025 and discussed them internally and with friends. Still have access to the conversations from back then.

RE: https://chaos.social/@yonk/116390461628017649

@yonk Thanks a lot! So, can we infer from this case that history is being altered already to fit radical political agendas, and it happens right before our eyes, without any larger repercussions?

@yonk thank you very much

And, asking from a broader perspective outside this specific scope, are there any other proven cases about LLM fine-tuning being used to alter rhe past and present and faux historical timelines?

Wondering if anyone has reliable info on the following and would like to share it.

Grok, the LLM used by X, now seems to claim that E. Musk never sent any inflammatory messages on June 5 2025 about Trump's involvement on Epstein's Island. Which he probably did.

We cannot fact-check this as we have, obviously, no X Premium account. But, if true, this should be a pretty huge issue, no?

We know who Angine de Poitrine really is.

@ctxkyo Thanks

Does anyone have a contact at pwn.ai?

We would kinda like to have a conversation with them...