2.19.1 / 2022-12-13

2.19.1 / 2022-12-13

Security

• Address CVE-2022-23514, inefficient regular expression complexity. See GHSA-486f-hjj9-9vhh for more information.
• Address CVE-2022-23515, improper neutralization of data URIs. See GHSA-228g-948r-83gx for more information.
• Address CVE-2022-23516, uncontrolled recursion. See GHSA-3x8r-x6xp-q4vm for more information.

2.19.0 / 2022-09-14

2.19.0 / 2022-09-14

Features

• Allow SVG 1.0 color keyword names in CSS attributes. These colors are part of the CSS Color Module Level 3 recommendation released 2022-01-18. [#243]

2.18.0 / 2022-05-11

2.18.0 / 2022-05-11

Features

• Allow CSS property aspect-ratio. [#236] (Thanks, @louim!)

2.17.0 / 2022-04-28

2.17.0 / 2022-04-28

Features

• Allow ARIA attributes. [#232, #233] (Thanks, @nick-desteffen!)

2.16.0 / 2022-04-01

2.16.0 / 2022-04-01

Features

• Allow MathML elements menclose and ms, and MathML attributes dir, href, lquote, mathsize, notation, and rquote. [#231] (Thanks, @nick-desteffen!)

2.15.0 / 2022-03-14

2.15.0 / 2022-03-14

Features

• Expand set of allowed protocols to include sms:. [#228] (Thanks, @brendon!)

2.14.0 / 2022-02-11

2.14.0 / 2022-02-11

Features

• The #to_text method on Loofah::HTML::{Document,DocumentFragment} replaces <br> line break elements with a newline. [#225]

2.13.0 / 2021-12-10

2.13.0 / 2021-12-10

Bug fixes

• Loofah::HTML::DocumentFragment#text no longer serializes top-level comment children. [#221]

2.12.0 / 2021-08-11

2.12.0 / 2021-08-11

Features

• Support empty HTML5 data attributes. [#215]

2.11.0 / 2021-07-31

2.11.0 / 2021-07-31

Features

• Allow HTML5 element wbr.
• Allow all CSS property values for border-collapse. [#201]

Changes

• Deprecating Loofah::HTML5::SafeList::VOID_ELEMENTS which is not a canonical list of void HTML4 or HTML5 elements.
• Removed some elements from Loofah::HTML5::SafeList::VOID_ELEMENTS that either are not acceptable elements or aren't considered "void" by libxml2.