Switch branches/tags
Nothing to show
Find file
Fetching contributors…
Cannot retrieve contributors at this time
128 lines (79 sloc) 3.58 KB


0.4.7 (2010-03-09)


  • New methods Loofah::HTML::Document#to_text and Loofah::HTML::DocumentFragment#to_text do the right thing with whitespace. Note that these methods are significantly slower than #text. GH #12

  • Loofah::Elements::BLOCK_LEVEL contains a canonical list of HTML4 block-level4 elements.

  • Loofah::HTML::Document#text and Loofah::HTML::DocumentFragment#text will return unescaped HTML entities by passing :encode_special_chars => false.

0.4.4, 0.4.5, 0.4.6 (2010-02-01)


  • Loofah::HTML::Document#text and Loofah::HTML::DocumentFragment#text now escape HTML entities.

Bug fixes:

  • Loofah::XssFoliate was not properly escaping HTML entities when implicitly scrubbing a string attribute. GH #17

0.4.3 (2010-01-29)


  • All built-in scrubbers are accepted by ActiveRecord::Base.xss_foliate

  • Loofah::XssFoliate.xss_foliate_all_models replaces use of the constant LOOFAH_XSS_FOLIATE_ALL_MODELS


  • Modified documentation for bootstrapping XssFoliate in a Rails app, since the use of Bundler breaks the previously-documented method. To be safe, always use an initializer file.

0.4.2 (2010-01-22)


  • Implemented Node#scrub! for scrubbing subtrees.

  • Implemented NodeSet#scrub! for scrubbing a set of subtrees.

  • Document.text now only serializes <body> contents (ignores <head>)

  • <head>, <html> and <body> added to the HTML5lib whitelist.

Bug fixes:

  • Supporting Rails apps that aren't loading ActiveRecord. GH #10


  • Mailing list is now /

  • IRC channel is now #loofah on freenode.

0.4.1 (2009-11-23)


  • Manifest fixed. Whoops.

0.4.0 (2009-11-21)


  • Scrubber class introduced, allowing development of custom scrubbers.

  • Added support for XML documents and fragments.

  • Added :nofollow HTML scrubber (thanks Luke Melia!)

  • Built-in scrubbing methods refactored to use Scrubber.

0.3.1 (2009-10-12)

Bug fixes:

  • Scrubbed Documents properly render html, head and body tags when serialized.

0.3.0 (2009-10-06)


  • New ActiveRecord extension `xss_foliate`, a drop-in replacement for xss_terminate.

  • Replacement methods for Rails's helpers, Loofah::Rails.sanitize and Loofah::Rails.strip_tags.

  • Official support (and test coverage) for Rails versions 2.3, 2.2, 2.1, 2.0 and 1.2.


  • The methods strip_tags, whitewash, whitewash_document, sanitize, and sanitize_document have been deprecated. See DEPRECATED.rdoc for details on the equivalent calls with the post-0.2 API.

0.2.2 (2009-09-30)


  • ActiveRecord extension scrubs fields in a before_validation callback (was previously in a before_save)

0.2.1 (2009-09-19)


  • when loaded in a Rails app, automatically extend ActiveRecord::Base with html_fragment and html_document. GH #6 (Thanks Josh Nichols!)


  • ActiveRecord scrubbing should generate strings instead of Document or DocumentFragment objects. GH #5

  • init.rb fixed to support installation as a Rails plugin. GH #6 (Thanks Josh Nichols!)

0.2.0 (2009-09-11)

  • Swank new API.

  • ActiveRecord extension.

  • Uses Nokogiri's Document and DocumentFragment for parsing.

  • Updated html5lib codes and tests to revision 1384:b9d3153d7be7.

  • Deprecated the Dryopteris sanitization methods. Will be removed in 0.3.0.

  • Documentation! Hey!

0.1.2 (2009-04-30)

  • Added whitewashing – removal of all attributes and namespaced nodes. You know, for microsofty HTML.

0.1.0 (2009-02-10)

  • Birthday!