Nokogiri v1.13.5 Release Notes

Release Date: 2022-05-04 // 5 months ago
  • ๐Ÿ”’ Security


    • ๐Ÿš€ [CRuby] Vendored libxml2 is updated from v2.9.13 to v2.9.14.

    ๐Ÿ‘Œ Improvements

    • ๐Ÿ“œ [CRuby] The libxml2 HTML parser no longer exhibits quadratic behavior when recovering some broken markup related to start-of-tag and bare < characters.

    ๐Ÿ”„ Changed

    • โœ… [CRuby] The libxml2 HTML parser in v2.9.14 recovers from some broken markup differently. Notably, the XML CDATA escape sequence <![CDATA[ and incorrectly-opened comments will result in HTML text nodes starting with &lt;! instead of skipping the invalid tag. This behavior is a direct result of the quadratic-behavior fix noted above. The behavior of downstream sanitizers relying on this behavior will also change. Some tests describing the changed behavior are in test/html4/test_comments.rb.