HTML Purifier 4.6.0 released

Posted 4:02 AM EST on Saturday, November 30, 2013

HTML Purifier 4.6.0 is a major security release, fixing numerous bad quadratic asymptotics in HTML Purifier's core algorithms. Most users will see a decent speedup on large inputs, although small inputs may take longer. Additionally, the secure URI munging algorithm has changed to do a proper HMAC. There are some other miscellaneous bugfixes as well.

See NEWS for a complete changelog. If you were using the secure URI munge hashing, you will need to update your redirector scripts. Additionally, %Core.EscapeInvalidChildren no longer does anything.