Ammonia Versions Save

Repair and secure untrusted HTML

v4.0.0

1 month ago

Update html5ever to 0.27
feature: change lifetimes on UrlRelative (breaking change)
chore: use the Display trait (and ToString) instead of an inherent to_string method (breaking change)
Security fixes are not backported to the 2.0 branch any more. Only the v3 and v4 branches are supported.

v3.3.0

1 year ago

chore: bump MSRV to 1.60.0
docs: fix incorrect XSS example
feature: add UrlRelative::RewriteWithRoot

v3.2.1

1 year ago

chore: bump MSRV to 1.51.0 https://github.com/serde-rs/serde/issues/2255
chore: fix broken links in documentation

v3.2.0

2 years ago

chore: bump MSRV to 1.49.0
chore: update to html5ever 0.26
chore: switch from lazy_static to once_cell
feature: add Builder::empty() constructor

v3.1.4

2 years ago

chore: use #[non_exhaustive] instead of hidden variant for UrlRelative policy
chore: remove unnecessary dependency on third-party matches! macro

v3.1.3

2 years ago

fix: incorrect FF/CR handling in clean_text
fix: split class name attribute by all ASCII whitespace, not just SP 0x20
docs: fix incorrect English in is_html documentation

v2.1.4

2 years ago

fix: split class name attribute by all ASCII whitespace, not just SP 0x20 (backported from 3.1.3)

v2.1.3

2 years ago

fix: unexpected namespace switches can allow XSS via svg/mathml parsing (backported from 3.1.2)

v3.1.2

2 years ago

fix: unexpected namespace switches can allow XSS via svg/mathml parsing

v3.1.1

3 years ago

fix: Crash on invalid URLs in some configurations (issue #136)