HTML Purifier 4.4.0 released

Posted 10:35 PM EST on Wednesday, January 18, 2012

HTML Purifier 4.4.0 is a minor security release addressing a security vulnerability associated with some optional functionality. It also contains an accumulation of new features and bugfixes over half a year. New configuration options include %HTML.TargetBlank, %HTML.AllowedComments, %HTML.AllowedCommentsRegexp, %HTML.SafeIframe, %URI.SafeIframeRegexp, %Core.EnableIDNA (requires PEAR Net_IDNA2 module and doesn't work for PHP 5.0.5). We also now support the 'scope' attribute on tables.

See NEWS for a complete changelog. There are some minor, backwards incompatible changes, which we don't expect users to notice.