From 8b06cb7febcab52e58a8de4779f80b88183ba825 Mon Sep 17 00:00:00 2001
From: Dmitry Marov
Date: Fri, 11 Mar 2022 18:58:38 +0300
Subject: [PATCH 1/2] fixed xss vulnerability
---
 toastr.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/toastr.js b/toastr.js
index e2fbc0d0..0d402197 100644
--- a/toastr.js
+++ b/toastr.js
@@ -184,7 +184,7 @@
 timeOut: 5000, // Set timeOut and extendedTimeOut to 0 to make it sticky
 titleClass: 'toast-title',
 messageClass: 'toast-message',
- escapeHtml: false,
+ escapeHtml: true,
 target: 'body',
 closeHtml: '',
 closeClass: 'toast-close-button',
From 512dabc47e36cdede43d9b5404cb3eb31db1a678 Mon Sep 17 00:00:00 2001
From: Dmitry Marov
Date: Fri, 11 Mar 2022 19:09:32 +0300
Subject: [PATCH 2/2] updated readme
---
 README.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index 7523ea83..d7822891 100644
--- a/README.md
+++ b/README.md
@@ -88,9 +88,9 @@ toastr.success('We do have the Kapua suite available.', 'Turtle Bay Resort', {ti
 ```
 ### Escape HTML characters
-In case you want to escape HTML charaters in title and message
+In case you don't want to escape HTML charaters in title and message
- toastr.options.escapeHtml = true;
+ toastr.options.escapeHtml = false;
 ### Close Button
 Optionally enable a close button
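Review bot: The flipped default `escapeHtml: true` in the toastr.js hunk carries no comment saying why it should stay on, although the `timeOut` line in the same hunk does explain its setting. I would add one on that line, e.g. `escapeHtml: true, // keep true for untrusted text; false inserts title and message as raw HTML`. Callers that pass markup in a title or message will presumably see it rendered as literal text after this change, so the release notes should call out the new default. The defaults object starts and ends outside the hunk.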