mirror of
https://github.com/ezyang/htmlpurifier.git
synced 2024-11-09 23:28:42 +00:00
7015aaff46
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1808 48356398-32a2-884e-a903-53898d9a118a
10 lines
665 B
Plaintext
10 lines
665 B
Plaintext
HTML Purifier 3.1.1 is a security and bugfix release. This release addresses
|
|
two security vulnerabilities, both related to CSS, and one of which only
|
|
applies to users using Shift_JIS as their output encoding. There is also
|
|
a security improvement regarding the imagecrash attack. There is a backwards
|
|
incompatible change with %URI.Munge, in which resources are no longer munged
|
|
by default; please enable using %URI.MungeResources. Besides this, there
|
|
are numerous improvements to URI munging, esp. with the addition of
|
|
%URI.MungeSecretKey, as well as an experimental implementation of
|
|
%HTML.SafeObject and %HTML.SafeEmbed. There are also some memory optimizations.
|