4.6.0 (2018-01-29)

• Loosened the Nokogumbo dependency to allow installing semver-compatible versions greater than or equal to v1.4. @rafbm - #171

4.5.0 (2017-06-04)

• Added SVG-related CSS properties to the relaxed config. See the diff for the full list of added properties. @louim - #161

• Fixed: Sanitize now strips null bytes (\u0000) before passing input to Nokogumbo, since they can cause recent versions to crash with a failed assertion in the Gumbo parser.

4.4.0 (2016-09-29)

• Added srcset to the attribute whitelist for img elements in the relaxed config. @ejtttje - #156

4.3.0 (2016-09-20)

• Methods can now be used as transformers. @Skipants - #155

4.2.0 (2016-08-22)

• Added -webkit-font-smoothing to the relaxed CSS config. @louim - #154
• Fixed: Nokogumbo >=1.4.9 changed its behavior in a way that allowed invalid doctypes (like <!DOCTYPE nonsense>) when the :allow_doctype config setting was true. Invalid doctypes are now coerced to valid ones as they were prior to this Nokogumbo change.

4.1.0 (2016-06-17)

• Added a new CSS config setting, :import_url_validator. This is a Proc or
  other callable object that will be called with each @import URL, and should
  return true to allow the URL or false to remove it. @nikz - #153

4.0.1 (2015-12-09)

• Unpinned the Nokogumbo dependency. @rubys - #141

4.0.0 (2015-04-20)

Potentially breaking changes

• Added two new CSS config settings, :at_rules_with_properties and :at_rules_with_styles. These allow you to define which at-rules should be allowed to contain properties and which should be allowed to contain style rules. Previously this was hard-coded internally. #111

  The previous :at_rules setting still exists, and defines at-rules that may not have associated blocks, such as @import. If you have a custom config that contains an :at_rules setting, you may need to move rules can have blocks to either :at_rules_with_properties or :at_rules_with_styles.

  See Sanitize's relaxed config for an example.

Other changes

• Added full support for CSS @page rules in the relaxed config, including support for all page-margin box rules (such as @top-left, @bottom-center, etc.)
• Added the following CSS at-rules to the relaxed config:
  • @-moz-keyframes
  • @-o-keyframes
  • @-webkit-keyframes
  • @document
• Added a whole bunch of CSS properties to the relaxed config. View the complete list here.
• Small performance improvements.
• Fixed: Upgraded Crass to 1.0.2 to pick up a fix that affected the parsing of CSS @page rules.

Version 3.1.2 (2015-02-22)

• Fixed: Deleting a node in a custom transformer could trigger a memory leak in Nokogiri if that node's children were later reparented, which the built-in CleanElement transformer did by default. The CleanElement transformer is now careful not to reparent the children of deleted nodes. #129

Version 3.1.1 (2015-02-04)

• Fixed: #document and #fragment failed on frozen strings, and could unintentionally modify unfrozen strings if they used an encoding other than UTF-8 or if they contained characters not allowed in HTML. @AnchorCat - #128