HTML Purifier 4.2.0 released

Posted 3:40 AM EDT on Wednesday, September 15, 2010

HTML Purifier 4.2.0 is a minor release that implements a number of feature requests accumulated over half a year. New configuration options include %Core.RemoveProcessingInstructions, %CSS.ForbiddenProperties, %HTML.FlashAllowFullScreen and %Core.NormalizeNewlines. Additionally,%URI.DisableResources is now functional and file: is an optionally supported URI scheme. There are also some minor bugfixes, usability improvements and documentation updates.

See NEWS for a complete changelog.

Along with this release, we would like to announce full disclosure on the security vulnerability patched in 4.1.0 and 4.1.1. Please see the CSS Quoting full disclosure page.