vendor/ammonia/CHANGELOG.md

   1 # Unreleased
   2
   3 *
   4
   5 # 1.1.0
   6
   7 * Add [`Builder::clean_content_tags`] which allows elements to be removed entirely instead of just having the tags removed
   8
   9 [`Builder::clean_content_tags`]: https://docs.rs/ammonia/1.1/ammonia/struct.Builder.html#method.clean_content_tags
  10
  11 # 1.0.1
  12
  13 * Update dependencies
  14
  15 # 1.0.0
  16
  17 * Breaking change: The `Ammonia` struct is now called `Builder` and uses that pattern for better forward compatibility
  18 * Breaking change: The `Builder::clean()` method now returns a `Document` struct instead of a `String`. You can use the `Document::to_string` method to obtain a `String`.
  19 * Breaking change: `keep_cleaned_elements` has changed from being an off-by-default option to the only supported behavior
  20 * Breaking change: Using a tag with `allowed_classes` means that the class attribute is banned from `tag_attributes` (it used to be required)
  21 * Breaking change: The default set of allowed elements and attributes was expanded
  22 * Added support for reading the input from a stream
  23 * Added `UrlRelative::Custom`, allowing you to write your own relative URL resolver
  24 * Changed `UrlRelative::RewriteWithBase` take a custom URL. This made the `url` crate a public dependency.
  25 * Added `id_prefix`, which can be used to avoid element `id` collisions with the rest of the page
  26 * Added property getters to `Builder`, to see what everything is currently set to
  27 * Added property modifiers, to change the existing whitelist (instead of completely replacing it)
  28
  29 # 0.7.0
  30
  31 * Add `allowed_classes`, allowing the user to set only specific items that can go in the class attribute
  32
  33 # 0.6.1
  34
  35 * Fix a bug in the traversal code
  36
  37 # 0.6.0
  38
  39 * Resolve relative URLs with a given base (off by default, you need to specify that base URL)
  40 * Add `rel="noreferrer noopener"` to links, as a security measure
  41 * Avoid closing void tags, such as turning `<br>` into `<br></br>`
  42 * Bump the html5ever version
  43 * Switch to using docs.rs to host docs
  44
  45 # 0.5.0
  46
  47 * Bump html5ever to 0.18 (this updates serde from 0.9 to 1.0)
  48
  49 # 0.4.0
  50
  51 * Upgrade to html5ever 0.17
  52
  53 # 0.3.0
  54
  55 * Add an option to keep elements that had attributes removed
  56
  57 # 0.2.0
  58
  59 * Removed the strip option. Not a security problem, but it was wrong and looked stupid. I'm not going to reintroduce this until html5ever allows me to preserve the original text enough to have non-stripped tags come out exactly like they go in.
  60 * Treat the data attribute of object as a URL. In non-default configurations, this could have been a leak.
  61 * Update to the newest html5ever.