Commits on Jun 4, 2017
  1. chore: Release 4.5.0

    rgrove committed Jun 4, 2017
  2. chore: Update history

    rgrove committed Jun 4, 2017
  3. fix: Strip null bytes before passing input to Nokogumbo

    rgrove committed Jun 4, 2017
    This fixes crashes in recent versions due to a failed assertion in
    Gumbo.
    
    The specific trigger seems to be a null byte in the value of an unquoted
    attribute that contains non-markup quote characters:
    
        <img src=javascript:alert('\0')>
    
    Several of Sanitize's unit tests test input like this, which didn't fail
    until relatively recently when something must have changed in Gumbo.
Commits on May 16, 2017
Commits on Sep 30, 2016
  1. Release 4.4.0.

    rgrove committed Sep 30, 2016
Commits on Sep 29, 2016
  1. Add srcset to whitelist of img tags

    ejtttje committed Sep 29, 2016
    This allows 'retina' images to be embedded at a reasonable scale without having to do annoying things like hardcode a width value. My motivation is for GitLab Markdown, where I want the documentation to inline high-res images straight out of the repository, but at the correct display size.
    
    More information: http://mobile.smashingmagazine.com/2013/08/21/webkit-implements-srcset-and-why-its-a-good-thing/
    
    Browser support: http://caniuse.com/#search=srcset
Commits on Sep 20, 2016
  1. Release 4.3.0.

    rgrove committed Sep 20, 2016
  2. Use #dup after building array

    Andrew Szczepanski committed Sep 20, 2016
  3. Allow passing methods as transformers to Sanitize constructor

    Andrew Szczepanski committed Sep 20, 2016
    Two things needed to be fixed to allow this:
    
    1. Make sure to add `Method` to the checks on classes that you cannot dupe in `Config#can_dupe?`
    
    2. Do not dup transformers in the Sanitize constructor
Commits on Aug 23, 2016
  1. Release 4.2.0.

    rgrove committed Aug 23, 2016
Commits on Aug 22, 2016
Commits on Jul 17, 2016
  1. Release 4.1.0.

    rgrove committed Jul 17, 2016
  2. Update Travis test matrix.

    rgrove committed Jul 17, 2016
Commits on Dec 9, 2015
  1. Release 4.0.1.

    rgrove committed Dec 9, 2015
  2. Update history.

    rgrove committed Dec 9, 2015
  3. Unpin Nokogumbo version

    rubys committed Dec 9, 2015
    Is there a reason that you have limited the nokogumbo version to _exactly_ 1.4.1? Is there a change (either in code or in process) that would enable updated versions to be used?
Commits on Apr 20, 2015
  1. Release 4.0.0.

    rgrove committed Apr 20, 2015
  2. Update history.

    rgrove committed Apr 20, 2015
Commits on Apr 18, 2015
  1. Add some missing API docs.

    rgrove committed Apr 18, 2015
  2. Update dev dependencies.

    rgrove committed Apr 18, 2015
  3. Happy New Year!

    rgrove committed Apr 18, 2015
  4. Travis: Ruby 2.1.6 and 2.2.2.

    rgrove committed Apr 18, 2015