DataTables 2.0.4

DataTables CDN files for DataTables 2.0.4. This software was originally released on 16th April, 2024.

Release notes

A busy release this one, with particular focus on addressing potential security issues found by CodeQL's code scanning - primary this is an improvement in the robustness of the HTML escaping and removal used by DataTables.

There are also a number of other fixes and even one new (small) feature. Please see the release notes below for full details.


  • paging.boundaryNumbers which can be used to disable the first and last numbers on either side of the ellipsis for the paging control. These could be considered irrelevant now that the first / last buttons are enabled by default.


  • paging.numbers renamed to be paging.buttons which makes a lot more sense!


  • Fomantic UI pagination HTML structure was incorrect
  • Responsive, when used with scrolling, could result in column misalignment
  • column-selector when used as a function was not being passed the column header cell as the third parameter.
  • A JS error would occur if initialised by passing a node which has an id in which characters would normally need to be escaped to make a CSS selector for the id.
  • Use character code points for UTF8 characters which are outside the ASCII range
  • A malicious plug-in for the DataTables API could potentially attempt to add to an object's prototype.
  • Update HTML stripping to use non-polynomial regex
  • Security (CodeQL) - potential for `` injection if done with multiple nesting
  • CodeQL warning - Multiple character replacement (wouldn't actually cause an issue due to the fact that the string was already limited to a single character, but for completeness, the regex would catch multiple characters now.
  • Use built in HTML striping function to read title from header - no security impact.
  • For state saved child row state, only escape : characters if not already escaped.
  • Remove duplicated code.
  • Bootstrap 5 header colour now uses BS5 CSS variable
  • When using server-side processing, and performing a client-side action, and querying the table before a redraw, it was possible to select a row which has been deleted (null), resulting in a JS error.
  • jQuery UI integration wasn't using the jQuery layout renderer
  • jQuery UI footer text was bold


  • Correction for negative search leading character
  • Correct example in row() for singular case
  • Add note to row.add() about using row().node() immediately after without a draw.