1 NEWS ( CHANGELOG and HISTORY ) HTMLPurifier
2 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
4 = KEY ====================
10 ==========================
12 1.2.0, unknown projected release date
13 # ID attributes now disabled by default. New directives:
14 + %HTML.EnableAttrID - restores old behavior by allowing IDs
15 + %Attr.IDPrefix - %Attr.IDBlacklist alternative that munges all user IDs
16 so that they don't collide with your IDs
17 + %Attr.IDPrefixLocal - Same as above, but for when there are multiple
18 instances of user content on the page
19 + Profuse documentation on how to use these available in id.txt
20 ! Added MODx plugin <http://modxcms.com/forums/index.php/topic,6604.0.html>
21 ! Added percent encoding normalization
22 ! XSS attacks smoketest given facelift
23 ! Configuration documentation now has table of contents
24 ! Added %URI.DisableExternal, which prevents links to external websites. You
25 can also use %URI.Host to permit absolute linking to subdomains
26 - Documentation updated
27 + TODO added request Phalanger
28 + TODO added request Native compression
29 + TODO added request Remove redundant tags
30 + TODO added possible plaintext formatter for HTML Purifier documentation
31 + Updated ConfigDoc TODO
32 + Updated code-quality.txt, removing issues that have been resolved
33 + Improved inline comments in AttrDef/Class.php, AttrDef/CSS.php
35 - HTMLPurifier_Context doesn't throw a variable reference error if you attempt
36 to retrieve a non-existent variable
37 . Switched to purify()-wide Context object registry
38 . Refactored unit tests to minimize duplication
39 . XSS attack sheet updated
40 . configdoc.xml now has xml:space attached to default value nodes
41 . Allow configuration directives to permit null values
42 . Cleaned up test-cases to remove unnecessary swallowErrors()
44 1.1.3, unknown projected release date
45 (bugfix release, may be dropped if no major bugs are found before features)
46 - Documentation updated
47 - Type variable in HTMLDefinition was not being set properly, fixed
49 1.1.2, released 2006-09-30
50 ! Add HTMLPurifier.auto.php stub file that configures include_path
51 - Documentation updated
52 + INSTALL document rewritten
53 + TODO added semi-lossy conversion
54 + API Doxygen docs' file exclusions updated
55 + Added notes on HTML versus XML attribute whitespace handling
56 + Noted that HTMLPurifier_ChildDef_Custom isn't being used
57 + Noted that config object's definitions are cached versions
58 - Fixed lack of attribute parsing in HTMLPurifier_Lexer_PEARSax3
59 - ftp:// URIs now have their typecodes checked
60 - Hooked up HTMLPurifier_ChildDef_Custom's unit tests (they weren't being run)
61 . Line endings standardized throughout project (svn:eol-style standardized)
62 . Refactored parseData() to general Lexer class
63 . Tester named "HTML Purifier" not "HTMLPurifier"
65 1.1.1, released 2006-09-24
66 ! Configuration option to optionally Tidy up output for indentation to make up
67 for dropped whitespace by DOMLex (pretty-printing for the entire application
68 should be done by a page-wide Tidy)
69 - Various documentation updates
70 - Fixed parse error in configuration documentation script
71 - Fixed fatal error in benchmark scripts, slightly augmented
72 - As far as possible, whitespace is preserved in-between table children
73 - Sample test-settings.php file included
75 1.1.0, released 2006-09-16
76 ! Directive documentation generation using XSLT
77 ! XHTML can now be turned off, output becomes <br>
78 - Made URI validator more forgiving: will ignore leading and trailing
79 quotes, apostrophes and less than or greater than signs.
80 - Enforce alphanumeric namespace and directive names for configuration.
81 - Table child definition made more flexible, will fix up poorly ordered elements
82 . Renamed ConfigDef to ConfigSchema
84 1.0.1, released 2006-09-04
85 - Fixed slight bug in DOMLex attribute parsing
86 - Fixed rejection of case-insensitive configuration values when there is a
87 set of allowed values. This manifested in %Core.Encoding.
88 - Fixed rejection of inline style declarations that had lots of extra
89 space in them. This manifested in TinyMCE.
91 1.0.0, released 2006-09-01
92 ! Shorthand CSS properties implemented: font, border, background, list-style
93 ! Basic color keywords translated into hexadecimal values
94 ! Table CSS properties implemented
95 ! Support for charsets other than UTF-8 (defined by iconv)
96 ! Malformed UTF-8 and non-SGML character detection and cleaning implemented
97 - Fixed broken numeric entity conversion
98 - API documentation completed
99 . (HTML|CSS)Definition de-singleton-ized
101 1.0.0beta, released 2006-08-16
102 ! First public release, most functionality implemented. Notable omissions are:
103 + Shorthand CSS properties
104 + Table CSS properties
105 + Deprecated attribute transformations