HTML Purifier 4.9.1 released

Posted 3:35 AM EST on Wednesday, March 8, 2017

HTML Purifier 4.9.1 is a maintenance release, collecting a year of accumulated bug fixes plus a few new feature. New features include support for min/max-width/height CSS, and rgba/hsl/hsla in color specifications. Major bugfixes include improvements in the Serializer cache to avoid chmod'ing directories, better entity decoding (we won't accidentally encode entities that occur in URLs) and rel="noopener" on links with target attributes, to prevent them from overwriting the original frame.

Note: We skipped 4.9.0 because that release number was briefly tagged in the release repo, but we decided not to release that tag. To avoid confusion, we've skipped to the next patch version number.

See NEWS for a complete changelog.