NEWS ( CHANGELOG and HISTORY ) HTMLPurifier ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| = KEY ==================== # Breaks back-compat ! Feature - Bugfix + Sub-comment . Internal change ========================== 4.13.0, released 2020-06-28 ! Add %HTML.Forms directive, which lets you accept forms in user HTML without requiring full %HTML.Trusted. Note that forms can be (trivially) used to setup phishing; e.g., an attacker can use CSS absolute positioning to overlay a form on top of a login element, so please be sure to use this with care! Fixes #213. Thanks Mateusz Turcza for contributing this feature. ! tr@bgcolor attribute is now supported. Thanks Kieran Brahney for this enhancement. - Further improvements to PHP 6.4 support, contributed by Witold Wasiczko and Eloy Lafuente. - Fix PSR-0 compatibility. Thanks Jordi Boggiano for contributing part of this fix. - Fix bug with purifyArray where it doesn't work on empty arrays. Thanks Fräntz Miccoli for the fix. - Reduce amount of maintenance scripts included in distribution packages. Thanks Sergei Morozov for this patch. - Remove leading zeros unless if it is only a zero, fixes #239. Thanks lubomirbartos for this fix. - Correct type hinting of maybeGet*, fixes #240. Thanks Anders Jenbo for this fix. 4.12.0, released 2019-10-27 ! PHP 7.4 is supported, thank you Witold Wasiczko, Mateuz Turcza and Edi Modrić - PHPDocs for HTMLModule::addElement() and Bool attr are fixed (thanks Mateusz) 4.11.0, released 2019-07-14 # SafeScripting now matches case-sensitively against its whitelist (previously it was case-insensitive.) Thanks Dimitri Gritsajuk for reporting. ! New directive %Core.AllowParseManyTags which allows parsing of many nested tags. Thanks M. Suzuki for contributing the patch. ! purifyArray now supports multidimensional arrays. Thanks Sandro Miguel Marques for contributing this patch. ! initial and inherit settings available for width, height, and the min-/max- versions thereof. Thanks Michael Kliewe for contributing this patch. ! More color names are supported. Thanks Daijobou for contributing. - Compatibility fixes for PHP 7.3, including new CI for PHP 7.3 (thank you Lukas Neumann ) and removal of reserved words in our constants (thanks Darko Hrgovic - Compatibility fixes for HHVM. Thanks Mateusz Turcza for contributing this fix. - HTML Purifier now never defines __autoload, fixing #196. Thanks Michael Kliewe for reporting. - In some situations, Config.php would report an undefined index: class error; this has been fixed. Thanks DiLong Fa for contributing this fix. - We no longer produce