diff --git a/CHANGELOG.md b/CHANGELOG.md
index 2e49d2e..2f1f8b4 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,10 @@
# Changelog
+## UNRELEASED (2023-01-31)
+
+- Fix auto-adding escaped closing tags. In other words, do not add implied closing tags to disallowed tags when `disallowedTagMode` is set to any variant of `escape` -- just escape the disallowed tags that are present. This fixes [issue #464](https://github.com/apostrophecms/sanitize-html/issues/464). Thanks to [Daniel Liebner](https://github.com/dliebner)
+- Add `tagAllowed()` helper function which takes a tag name and checks it against `options.allowedTags` and returns `true` if the tag is allowed and `false` if it is not.
+
## 2.9.0 (2023-01-27)
- Add option parseStyleAttributes to skip style parsing. This fixes [issue #547](https://github.com/apostrophecms/sanitize-html/issues/547). Thanks to [Bert Verhelst](https://github.com/bertyhell).
diff --git a/test/test.js b/test/test.js
index 88ecbea..eb9bcbb 100644
--- a/test/test.js
+++ b/test/test.js
@@ -1561,4 +1561,17 @@ describe('sanitizeHtml', function() {
}), ''
);
});
+ it('should not automatically attach close tag for escaped tags', function() {
+ assert.equal(sanitizeHtml('Hello', {
+ disallowedTagsMode: 'escape',
+ }), '<test>Hello');
+ assert.equal(sanitizeHtml('Hello', {
+ disallowedTagsMode: 'recursiveEscape',
+ }), '<test><test><test><test><test>Hello');
+ });
+ it('should discard unclosed disallowed tags', function() {
+ assert.equal(sanitizeHtml('Hello', {
+ disallowedTagsMode: 'discard',
+ }), 'Hello');
+ });
});