
Releases: rgrove/sanitize

4.6.0 (2018-01-29)

30 Jan 01:50
  • Loosened the Nokogumbo dependency to allow installing semver-compatible versions greater than or equal to v1.4. @rafbm - #171

4.5.0 (2017-06-04)

04 Jun 22:55
  • Added SVG-related CSS properties to the relaxed config. See the diff for the full list of added properties. @louim - #161

  • Fixed: Sanitize now strips null bytes (\u0000) before passing input to Nokogumbo, since they can cause recent versions to crash with a failed assertion in the Gumbo parser.

4.4.0 (2016-09-29)

30 Sep 00:21
  • Added srcset to the attribute whitelist for img elements in the relaxed config. @ejtttje - #156

4.3.0 (2016-09-20)

20 Sep 17:20

4.2.0 (2016-08-22)

23 Aug 00:59
  • Added -webkit-font-smoothing to the relaxed CSS config. @louim - #154
  • Fixed: Nokogumbo >=1.4.9 changed its behavior in a way that allowed invalid doctypes (like <!DOCTYPE nonsense>) when the :allow_doctype config setting was true. Invalid doctypes are now coerced to valid ones as they were prior to this Nokogumbo change.

4.1.0 (2016-06-17)

17 Jul 20:58
  • Added a new CSS config setting, :import_url_validator. This is a Proc or
    other callable object that will be called with each @import URL, and should
    return true to allow the URL or false to remove it. @nikz - #153
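
An added example, not part of the Sanitize release notes or code base: a callable suitable for `:import_url_validator` that keeps an `@import` only when it is an HTTPS URL on an allowlisted host. The host list and the names `ALLOWED_IMPORT_HOSTS`, `IMPORT_URL_VALIDATOR` and `import_checked_config` are assumptions made for illustration.

```ruby
require 'uri'

# Hypothetical allowlist of hosts trusted to serve stylesheets (constructed).
ALLOWED_IMPORT_HOSTS = %w[fonts.example.com cdn.example.com].freeze

# Callable for the :import_url_validator setting: returns true to allow the
# @import URL, false to have Sanitize remove it.
IMPORT_URL_VALIDATOR = lambda do |url|
  begin
    uri = URI.parse(url.to_s.strip)
  rescue URI::InvalidURIError
    return false # unparseable URLs are rejected rather than guessed at
  end

  # Rejects http:, data:, relative paths and protocol-relative //host URLs.
  return false unless uri.scheme.to_s.downcase == 'https'
  # Rejects https://trusted-host@other-host/ style host confusion.
  return false if uri.userinfo
  # Rejects non-default ports on an otherwise trusted host.
  return false unless uri.port == 443

  ALLOWED_IMPORT_HOSTS.include?(uri.host.to_s.downcase)
end

# Wiring into the relaxed config. This needs the sanitize gem to be loaded,
# so the constant lookup only happens when the method is called.
def import_checked_config
  Sanitize::Config.merge(
    Sanitize::Config::RELAXED,
    css: { import_url_validator: IMPORT_URL_VALIDATOR }
  )
end
```
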

4.0.1 (2015-12-09)

09 Dec 19:10

4.0.0 (2015-04-20)

20 Apr 18:36

Potentially breaking changes

  • Added two new CSS config settings, :at_rules_with_properties and :at_rules_with_styles. These allow you to define which at-rules should be allowed to contain properties and which should be allowed to contain style rules. Previously this was hard-coded internally. #111

    The previous :at_rules setting still exists, and defines at-rules that may not have associated blocks, such as @import. If you have a custom config that contains an :at_rules setting, you may need to move rules that can have blocks to either :at_rules_with_properties or :at_rules_with_styles.

    See Sanitize's relaxed config for an example.

Other changes

  • Added full support for CSS @page rules in the relaxed config, including support for all page-margin box rules (such as @top-left, @bottom-center, etc.)
  • Added the following CSS at-rules to the relaxed config:
    • @-moz-keyframes
    • @-o-keyframes
    • @-webkit-keyframes
    • @document
  • Added a whole bunch of CSS properties to the relaxed config. View the complete list here.
  • Small performance improvements.
  • Fixed: Upgraded Crass to 1.0.2 to pick up a fix that affected the parsing of CSS @page rules.

Version 3.1.2 (2015-02-22)

22 Feb 21:14
  • Fixed: Deleting a node in a custom transformer could trigger a memory leak in Nokogiri if that node's children were later reparented, which the built-in CleanElement transformer did by default. The CleanElement transformer is now careful not to reparent the children of deleted nodes. #129

Version 3.1.1 (2015-02-04)

04 Feb 17:40
  • Fixed: #document and #fragment failed on frozen strings, and could unintentionally modify unfrozen strings if they used an encoding other than UTF-8 or if they contained characters not allowed in HTML. @AnchorCat - #128