[SECURITY] HTML Purifier 3.1.0 released
HTML Purifier 3.1.0 has been released. This release fixes a security vulnerability, and thus users should upgrade as soon as possible.
There have also been a number of new features and bugfixes, including support for the !important CSS modifier, display and visibility CSS properties with %CSS.AllowTricky, marquee with %HTML.Proprietary (had you scared for a moment, hmm?), a kses() wrapper, %CSS.AllowedProperties, %HTML.ForbiddenAttributes and %HTML.ForbiddenElements and a totally revamped ConfigDoc system. Since the release candidate, there have also been a number of stability fixes such as improved URI escaping, a change in serializer ID format, and a relaxed format for %HTML.Allowed.
For those unfamiliar with HTML Purifier, HTML Purifier is a standards-compliant HTML filter library written in PHP. It used by projects such as Midgard, Kohana and Aliro, and has plugins for WordPress, Joomla, Drupal and more.
Comments