Skip to content

v0.4.0

Choose a tag to compare

View all tags
@milmazz milmazz released this 06 May 23:18
· 11 commits to main since this release
v0.4.0
52396dc

Highlights

  • HTML sanitization on by default (Exoplanet.Filters): post bodies and summaries now have dangerous tags (iframe, script, object, embed, style, base) and style attributes stripped before they
    reach your renderer. Three new filter keys control the behaviour: sanitize_html (default true), drop_tags, drop_attrs. All three follow the same per-feed override semantics as the existing keys — set
    sanitize_html: false per feed to opt out.
  • <dc:creator> preferred over <author> for RSS post authors: RSS 2.0 spec'd <author> as an email, which most blogs leave empty; <dc:creator> (Dublin Core) is where the human-readable name typically
    lives. Affects Exoplanet.Post.authors for RSS feeds.
  • Smarter default_filters merging: Exoplanet.Config.from_file/1 now overlays user-supplied default_filters onto the built-in defaults, so configs that specify only a subset of filter keys pick up the
    rest automatically. Existing config files require no changes.

Behaviour change to watch for

Sanitization is enabled by default, so feeds that previously rendered embedded <iframe> (e.g. YouTube) or relied on inline style attributes will now have those stripped. If that's not what you want for a
particular source, set sanitize_html: false (or customise drop_tags / drop_attrs) in that feed's filters: block.

See the full CHANGELOG.

Full Changelog: v0.3.0...v0.4.0

Assets 2
Loading