Changelog History
Page 4
-
v2.1.0 Changes
January 13, 2014โ Added support for allowlisting arbitrary HTML5
data-*
attributes. Use the symbol:data
instead of an attribute name in the:attributes
config to indicate that arbitrary data attributes should be allowed on an element.โ Added the following elements to the relaxed config:
address
,bdi
,hr
, andsummary
.๐ Fixed: A colon (
:
) character in a URL fragment identifier such as#foo:1
was incorrectly treated as a protocol delimiter. @heathd - #87
-
v2.0.6 Changes
July 10, 2013- ๐ Fixed: Version 2.0.5 inadvertently included some work-in-progress changes that shouldn't have made their way into the master branch. This is what happens when I release before coffee instead of after.
-
v2.0.5 Changes
July 10, 2013- Loosened the Nokogiri dependency back to >= 1.4.4 to allow Sanitize to coexist in newer Rubies with other libraries that restrict Nokogiri to 1.5.x for 1.8.7 compatibility. Sanitize still no longer supports 1.8.7, but this should make life easier for people who need those other libs.
-
v2.0.4 Changes
June 12, 2013โ Added
Sanitize.clean_document
, which sanitizes a full HTML document rather than just a fragment. [Ben Anderson]Nokogiri dependency bumped to 1.6.x.
โฌ๏ธ Dropped support for Ruby versions older than 1.9.2.
-
v2.0.3 Changes
July 01, 2011- Loosened the Nokogiri dependency to allow Nokogiri 1.5.x.
-
v2.0.2 Changes
May 21, 2011- ๐ Fixed a bug in which a protocol like "java\script:" would be translated to "java%5Cscript:" and allowed through the filter when relative URLs were enabled. This didn't actually allow malicious code to run, but it is undesired behavior.
-
v2.0.1 Changes
March 16, 2011- โก๏ธ Updated the protocol regex to anchor at the beginning of the string rather than the beginning of a line. [Eaden McKee]
-
v2.0.0 Changes
January 15, 2011The environment data passed into transformers and the return values expected from transformers have changed. Old transformers will need to be updated. See the README for details.
Transformers now receive nodes of all types, not just element nodes.
Sanitize's own core filtering logic is now implemented as a set of always-on transformers.
0๏ธโฃ The default value for the
:output
config is now:html
. Previously it was:xhtml
.โ Added a
:whitespace_elements
config, which specifies elements (such as<br>
and<p>
) that should be replaced with whitespace when removed in order to preserve readability. See the README for the default list of elements that will be replaced with whitespace when removed.โ Added a
:transformers_breadth
config, which may be used to specify transformers that should traverse nodes in a breadth-first mode rather than the default depth-first mode.โ Added the
abbr
,dfn
,kbd
,mark
,s
,samp
,time
, andvar
elements to the allowlists for the basic and relaxed configs.โ Added the
bdo
,del
,figcaption
,figure
,hgroup
,ins
,rp
,rt
,ruby
, andwbr
elements to the allowlist for the relaxed config.The
dir
,lang
, andtitle
attributes are now allowlisted for all elements in the relaxed config.โฌ๏ธ Bumped minimum Nokogiri version to 1.4.4 to avoid a bug in 1.4.2+ (issue #315) that caused
</body></html>
to be appended to the CDATA inside unterminated script and style elements.
-
v1.2.1 Changes
April 20, 2010โ Added a
:remove_contents
config setting. If set totrue
, Sanitize will remove the contents of all non-allowlisted elements in addition to the elements themselves. If set to an array of element names, Sanitize will remove the contents of only those elements (when filtered), and leave the contents of other filtered elements. [Thanks to Rafael Souza for the array option]โ Added an
:output_encoding
config setting to allow the character encoding for HTML output to be specified. The default is utf-8.The environment hash passed into transformers now includes a
:node_name
item containing the lowercase name of the current HTML node (e.g. "div").Returning anything other than a Hash or nil from a transformer will now raise a meaningful
Sanitize::Error
exception rather than an unintendedNameError
.
-
v1.2.0 Changes
January 17, 2010Requires Nokogiri ~> 1.4.1.
โ Added support for transformers, which allow you to filter and alter nodes using your own custom logic, on top of (or instead of) Sanitize's core filter. See the README for details and examples.
โ Added
Sanitize.clean_node!
, which sanitizes aNokogiri::XML::Node
and all its children.โ Added elements
<h1>
through<h6>
to the Relaxed allowlist. [Suggested by David Reese]