HTML Purifier 4.2.0 is a minor release that implements a number of feature requests accumulated over half a year. New configuration options include %Core.RemoveProcessingInstructions, %CSS.ForbiddenProperties, %HTML.FlashAllowFullScreen and %Core.NormalizeNewlines. Additionally,%URI.DisableResources is now functional and file: is an optionally supported URI scheme. There are also some minor bugfixes, usability improvements and documentation updates.
See NEWS for a complete changelog.
Along with this release, we would like to announce full disclosure on the security vulnerability patched in 4.1.0 and 4.1.1. Please see the CSS Quoting full disclosure page.