leizongmin
diff --git a/‎CHANGELOG.md
+5 b/‎CHANGELOG.md
+5
diff --git a/‎dist/xss.js
+7-2 b/‎dist/xss.js
+7-2
@@ -1,5 +1,10 @@
 # CHANGELOG
 
+## v1.0.15 (2024-03-03)
+
+- [feat: add <kbd> to default whitelist](https://github.com/leizongmin/js-xss/pull/279) by @rayrny
+- [feat: single-quoted attribute value syntax support](https://github.com/leizongmin/js-xss/pull/287) by @mdk000
+
 ## v1.0.14 (2022-08-16)
 
 - [fix: problem with not closed tag](https://github.com/leizongmin/js-xss/pull/262) by @slawiko
 
@@ -58,8 +58,9 @@ function getDefaultWhiteList() {
     header: [],
     hr: [],
     i: [],
-    img: ["src", "alt", "title", "width", "height"],
+    img: ["src", "alt", "title", "width", "height", "loading"],
     ins: ["datetime"],
+    kbd: [],
     li: [],
     mark: [],
     nav: [],
@@ -456,6 +457,7 @@ exports.onIgnoreTagStripAll = onIgnoreTagStripAll;
 exports.StripTagBody = StripTagBody;
 exports.stripCommentTag = stripCommentTag;
 exports.stripBlankChar = stripBlankChar;
+exports.attributeWrapSign = '"';
 exports.cssFilter = defaultCSSFilter;
 exports.getDefaultCSSWhiteList = getDefaultCSSWhiteList;
 
@@ -910,6 +912,8 @@ function FilterXSS(options) {
     options.whiteList = DEFAULT.whiteList;
   }
 
+  this.attributeWrapSign = options.singleQuotedAttributeValue === true ? "'" : DEFAULT.attributeWrapSign;
+
   options.onTag = options.onTag || DEFAULT.onTag;
   options.onTagAttr = options.onTagAttr || DEFAULT.onTagAttr;
   options.onIgnoreTag = options.onIgnoreTag || DEFAULT.onIgnoreTag;
@@ -947,6 +951,7 @@ FilterXSS.prototype.process = function (html) {
   var onIgnoreTagAttr = options.onIgnoreTagAttr;
   var safeAttrValue = options.safeAttrValue;
   var escapeHtml = options.escapeHtml;
+  var attributeWrapSign = me.attributeWrapSign;
   var cssFilter = me.cssFilter;
 
   // remove invisible characters
@@ -1000,7 +1005,7 @@ FilterXSS.prototype.process = function (html) {
             // call `safeAttrValue()`
             value = safeAttrValue(tag, name, value, cssFilter);
             if (value) {
-              return name + '="' + value + '"';
+              return name + '=' + attributeWrapSign + value + attributeWrapSign;
             } else {
               return name;
             }