doc: update CHANGELOG

rails · May 17, 2023 · 8ea2500 · 8ea2500
1 parent 7f485d6
commit 8ea2500
Showing 1 changed file with 41 additions and 5 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,16 +1,43 @@
 ## next / unreleased
 
-* `SafeListSanitizer` allows `time` tag and `lang` attribute by default.
+* Sanitizers that use an HTML5 parser are now available on platforms supported by
+  Nokogiri::HTML5. These are available as:
+
+  - `Rails::HTML5::FullSanitizer`
+  - `Rails::HTML5::LinkSanitizer`
+  - `Rails::HTML5::SafeListSanitizer`
+
+  And a new "vendor" is provided at `Rails::HTML5::Sanitizer` that can be used in a future version
+  of Rails.
+
+  Note that for symmetry `Rails::HTML4::Sanitizer` is also added, though its behavior is identical
+  to the vendor class methods on `Rails::HTML::Sanitizer`.
 
   *Mike Dalessio*
 
-* `Rails::Html::XPATHS_TO_REMOVE` has been removed. It's not necessary with the existing sanitizers,
-  and should have been a private constant all along anyway.
+* Module namespaces have changed, but backwards compatibility is provided by aliases.
+
+  The library defines three additional modules:
+
+  - `Rails::HTML` for general functionality (replacing `Rails::Html`)
+  - `Rails::HTML4` containing sanitizers that parse content as HTML4
+  - `Rails::HTML5` containing sanitizers that parse content as HTML5
+
+  The following aliases are maintained for backwards compatibility:
+
+  - `Rails::Html` points to `Rails::HTML`
+  - `Rails::HTML::FullSanitizer` points to `Rails::HTML4::FullSanitizer`
+  - `Rails::HTML::LinkSanitizer` points to `Rails::HTML4::LinkSanitizer`
+  - `Rails::HTML::SafeListSanitizer` points to `Rails::HTML4::SafeListSanitizer`
 
   *Mike Dalessio*
 
-* `Rails::Html` has been renamed to `Rails::HTML`, but this module is aliased to `Rails::Html` for
-  backwards compatibility.
+* `SafeListSanitizer` allows `time` tag and `lang` attribute by default.
+
+  *Mike Dalessio*
+
+* `Rails::Html::XPATHS_TO_REMOVE` has been removed. It's not necessary with the existing sanitizers,
+  and should have been a private constant all along anyway.
 
   *Mike Dalessio*
 
@@ -24,6 +51,7 @@
 
   *seyerian*
 
+
 ## 1.4.4 / 2022-12-13
 
 * Address inefficient regular expression complexity with certain configurations of Rails::Html::Sanitizer.
@@ -69,6 +97,7 @@
 
   *Mike Dalessio*
 
+
 ## 1.4.2 / 2021-08-23
 
 * Slightly improve performance.
@@ -77,6 +106,7 @@
 
   *Mike Dalessio*
 
+
 ## 1.4.1 / 2021-08-18
 
 * Fix regression in v1.4.0 that did not pass comment nodes to the scrubber.
@@ -89,6 +119,7 @@
 
   *Mike Dalessio*
 
+
 ## 1.4.0 / 2021-08-18
 
 * Processing Instructions are no longer allowed by Rails::Html::PermitScrubber
@@ -101,12 +132,14 @@
 
   *Mike Dalessio*
 
+
 ## 1.3.0
 
 * Address deprecations in Loofah 2.3.0.
 
   *Josh Goodall*
 
+
 ## 1.2.0
 
 * Remove needless `white_list_sanitizer` deprecation.
@@ -121,6 +154,7 @@
 
   *Kasper Timm Hansen*
 
+
 ## 1.1.0
 
 * Add `safe_list_sanitizer` and deprecate `white_list_sanitizer` to be removed
@@ -138,10 +172,12 @@
 
   *Kasper Timm Hansen*
 
+
 ## 1.0.1
 
 * Added support for Rails 4.2.0.beta2 and above
 
+
 ## 1.0.0
 
 * First release.