# [4.18.0](https://github.com/ezyang/htmlpurifier/compare/v4.17.0...v4.18.0) (2024-11-01) ### Bug Fixes * Adjust Core.AllowHostnameUnderscore to consider that "_" is defined as Unreserved Characters in RFC 3986 ([#406](https://github.com/ezyang/htmlpurifier/issues/406)) ([d9fbef8](https://github.com/ezyang/htmlpurifier/commit/d9fbef8e27f6a0848a8987a8534351de98eb0fa1)) * Avoid a deprecated error when the attribute name is numeric and DirectLex is used ([#412](https://github.com/ezyang/htmlpurifier/issues/412)) ([f0fbf51](https://github.com/ezyang/htmlpurifier/commit/f0fbf510981b27fc03168efdb17d6bff48f521af)) * checking that node has property name ([#399](https://github.com/ezyang/htmlpurifier/issues/399)) ([9ca5a36](https://github.com/ezyang/htmlpurifier/commit/9ca5a3687bd2e6e42ed9d5199b2cfb1dbd6dbdc2)) * Ignore conditional comments ([#401](https://github.com/ezyang/htmlpurifier/issues/401)) ([4828fdf](https://github.com/ezyang/htmlpurifier/commit/4828fdf45a93eeeacfcbcc855f96f9a7e6b4ed44)) * Support PHP 8.4 ([#396](https://github.com/ezyang/htmlpurifier/issues/396)) ([92da247](https://github.com/ezyang/htmlpurifier/commit/92da2473ffbb3ed5e894560d4166b1ca8032aeb3)) * undefined array key warning ([#419](https://github.com/ezyang/htmlpurifier/issues/419)) ([01be377](https://github.com/ezyang/htmlpurifier/commit/01be377f93654fad4d3fbc8c81779f14316eaecf)) ### Features * Add allowfullscreen attr for iframe ([#411](https://github.com/ezyang/htmlpurifier/issues/411)) ([70754a2](https://github.com/ezyang/htmlpurifier/commit/70754a253342f67a67425cfa81029db3a5c1bd28)) * add directive for removing blank nodes ([#404](https://github.com/ezyang/htmlpurifier/issues/404)) ([c9d60c9](https://github.com/ezyang/htmlpurifier/commit/c9d60c96d799c02bc357c88a49f422034b6914fd)) * Add support for CSS aspect-ratio ([#408](https://github.com/ezyang/htmlpurifier/issues/408)) ([93bee73](https://github.com/ezyang/htmlpurifier/commit/93bee733497a098b65daf5910f1c435d347860a4)) * Allow universal CSS values for all properties ([#410](https://github.com/ezyang/htmlpurifier/issues/410)) ([9723267](https://github.com/ezyang/htmlpurifier/commit/972326785d201b81e1095bc296b99bbcfa8c7fd4)) # [4.17.0](https://github.com/ezyang/htmlpurifier/compare/v4.16.0...v4.17.0) (2023-11-17) ### Bug Fixes * CSSTidy ImportantComments not handled properly ([#359](https://github.com/ezyang/htmlpurifier/issues/359)) ([78a9b4d](https://github.com/ezyang/htmlpurifier/commit/78a9b4d0dae8bce9a70e4e7e551bf51e9a23706d)) * fix CI ([#361](https://github.com/ezyang/htmlpurifier/issues/361)) ([9ec687c](https://github.com/ezyang/htmlpurifier/commit/9ec687c904a1fe66a5395d22c50f7043e045d1d3)) * Invalid scheme check in Attr.TargetBlank ([#363](https://github.com/ezyang/htmlpurifier/issues/363)) ([0176ef4](https://github.com/ezyang/htmlpurifier/commit/0176ef4bb6f57103fdcb60a802603e60e81ee93e)) * semantic release ([#339](https://github.com/ezyang/htmlpurifier/issues/339)) ([d82f3d9](https://github.com/ezyang/htmlpurifier/commit/d82f3d996a0d9b0f23364946d9a14408c1ad72c5)) * semantic release ([#341](https://github.com/ezyang/htmlpurifier/issues/341)) ([e55fead](https://github.com/ezyang/htmlpurifier/commit/e55fead09f39430d30f48438f06e7bc2326efc94)), closes [#339](https://github.com/ezyang/htmlpurifier/issues/339) * Support for locales using decimal separators other than . (dot) ([#372](https://github.com/ezyang/htmlpurifier/issues/372)) ([43f49ac](https://github.com/ezyang/htmlpurifier/commit/43f49ac9a51b81dfd07d3bc8dcfc5ec5637a5e3b)) ### Features * Add support for all text-decoration properties ([#360](https://github.com/ezyang/htmlpurifier/issues/360)) ([2d775c0](https://github.com/ezyang/htmlpurifier/commit/2d775c01874e2f676ba1a2d9fe69b47c2a823061)) * Allows commas to be included in tel URI ([#389](https://github.com/ezyang/htmlpurifier/issues/389)) ([ec92490](https://github.com/ezyang/htmlpurifier/commit/ec924901392f088d334622f806b9449b17b75d7b)), closes [#388](https://github.com/ezyang/htmlpurifier/issues/388) ### Reverts * Revert "fix: semantic release (#339)" (#340) ([3e83215](https://github.com/ezyang/htmlpurifier/commit/3e832152a6173f880c6495a3ab2b0e5235e253a6)), closes [#339](https://github.com/ezyang/htmlpurifier/issues/339) [#340](https://github.com/ezyang/htmlpurifier/issues/340) NEWS ( CHANGELOG and HISTORY ) HTMLPurifier ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| = KEY ==================== # Breaks back-compat ! Feature - Bugfix + Sub-comment . Internal change ========================== 4.15.0, released 2022-09-18 ! PHP 8.1 and 8.2 support, esp. fixes for deprecation warnings. A joint effort by David Rans, Tim Düsterhus, Kieran and John Flatness. ! Allow contenteditable="false" (#336), contributed by Kieran. - Replace PHP 8.1 deprecated utf8_ functions with mbstring (#326), contributed by John Flatness. - Enhanced composer suggestions with extensions (#317), contributed by func0der. 4.14.0, released 2021-12-24 ! Add "background-size" support (#289), contributed by Václav Smítal ! Transform deprecated width attribute when tidying HTML, contributed by Kieran. - PHP 8 support, contributed by Maksims Sļotovs. - Improved PHP 7.3 compatibility, contributed by kishor. - Avoid spurious magic quotes notice in PHP 7.4. Thanks Jasper Zonneveld for the fix. - Do not remove thead from table even if there are no tbody/tr (#264). Thanks Marcus Artner for the fix. - Fix "Parameter must be an array or an object that implements Countable" (#285)". Thanks Kieran for this fix. . Fix unnecessary reference assignment, handling behavior change from PHP5 and PHP7. Thanks Arkadiusz Biczewski for the fix. 4.13.0, released 2020-06-28 ! Add %HTML.Forms directive, which lets you accept forms in user HTML without requiring full %HTML.Trusted. Note that forms can be (trivially) used to setup phishing; e.g., an attacker can use CSS absolute positioning to overlay a form on top of a login element, so please be sure to use this with care! Fixes #213. Thanks Mateusz Turcza for contributing this feature. ! tr@bgcolor attribute is now supported. Thanks Kieran Brahney for this enhancement. - Further improvements to PHP 7.4 support, contributed by Witold Wasiczko and Eloy Lafuente. - Fix PSR-0 compatibility. Thanks Jordi Boggiano for contributing part of this fix. - Fix bug with purifyArray where it doesn't work on empty arrays. Thanks Fräntz Miccoli for the fix. - Reduce amount of maintenance scripts included in distribution packages. Thanks Sergei Morozov for this patch. - Remove leading zeros unless if it is only a zero, fixes #239. Thanks lubomirbartos for this fix. - Correct type hinting of maybeGet*, fixes #240. Thanks Anders Jenbo for this fix. 4.12.0, released 2019-10-27 ! PHP 7.4 is supported, thank you Witold Wasiczko, Mateuz Turcza and Edi Modrić - PHPDocs for HTMLModule::addElement() and Bool attr are fixed (thanks Mateusz) 4.11.0, released 2019-07-14 # SafeScripting now matches case-sensitively against its whitelist (previously it was case-insensitive.) Thanks Dimitri Gritsajuk for reporting. ! New directive %Core.AllowParseManyTags which allows parsing of many nested tags. Thanks M. Suzuki for contributing the patch. ! purifyArray now supports multidimensional arrays. Thanks Sandro Miguel Marques for contributing this patch. ! initial and inherit settings available for width, height, and the min-/max- versions thereof. Thanks Michael Kliewe for contributing this patch. ! More color names are supported. Thanks Daijobou for contributing. - Compatibility fixes for PHP 7.3, including new CI for PHP 7.3 (thank you Lukas Neumann ) and removal of reserved words in our constants (thanks Darko Hrgovic - Compatibility fixes for HHVM. Thanks Mateusz Turcza for contributing this fix. - HTML Purifier now never defines __autoload, fixing #196. Thanks Michael Kliewe for reporting. - In some situations, Config.php would report an undefined index: class error; this has been fixed. Thanks DiLong Fa for contributing this fix. - We no longer produce