HTML Purifier is PHP software for HTML filtering. It is an alternative to BBCode or other obscure custom markup languages. It will not only remove all malicious code (XSS), but will also make sure the HTML is standards-compliant.

| Tags | Text Processing, Markup, HTML/XHTML, Filters, Software Development, Libraries, php classes |
|---|---|
| Licenses | LGPL |
| Operating Systems | OS Independent |
| Implementation | PHP |
| Translations | English |

Recent releases


Changes: A number of obscure bugs were fixed. Notable new features include support for the overflow CSS property. Bugs with YouTube rendering in certain versions of Firefox, CSSDefinition Printer, and iconv were fixed. Early PHP support was improved.


Changes: This version is an amalgamation of new features and fixes that have accumulated over a four month period. Some notable features include %AutoFormat.RemoveEmpty, column tracking for tokens, %AutoFormat.DisplayLinkURI, and %Attr.DefaultImageAlt. There were also major improvements to the test suite interface, error collection output, and the auto-formatter framework.


Changes: This security and bugfix release is a backport that fixes two vulnerabilities related to CSS, one of which only occurs under Shift_JIS. It also improves imagecrash protection (percent CSS width and height is now disabled for images, and you can control the bounds with %CSS.MaxImgLength and %HTML.MaxImgLength). Finally, there are a number of bugfixes, most notably support for text-decoration: none, improved adherence to Unicode, and increased percent encoding checks.


Changes: This is a security and bugfix release. It addresses two security vulnerabilities, both related to CSS, and one of which only applies to users using Shift_JIS as their output encoding. There is also a security improvement regarding the imagecrash attack. There is a backwards incompatible change in which resources are no longer munged by default; please enable using %URI.MungeResources. Besides this, there are numerous improvements to URI munging, especially with the addition of %URI.MungeSecretKey, as well as an experimental %HTML.SafeObject and %HTML.SafeEmbed.


Changes: This is a backport release that fixes a vulnerability related to URI handling. It also includes a number of bugfixes that have accumulated in the HTML Purifier 3 series but had not been merged back yet. Please only use 2.1 releases for legacy PHP 4 installs.