2.25.0 / 2025-12-15

2.25.0 / 2025-12-15

• Extract Loofah::HTML5::Scrub.allowed_uri? which operates on a string. Previously this logic was coupled to the parsed tree in .scrub_uri_attribute. #300 @flavorjones
• Tightened up how entities and control characters are handled when detecting allowed URIs. #301 @flavorjones

Full Changelog: v2.24.1...v2.25.0

2.24.1 / 2025-05-12

2.24.1 / 2025-05-12

Ruby support

• Import only what's needed from cgi for support for Ruby 3.5 #296 @Earlopain

2.24.0 / 2024-12-24

2.24.0 / 2024-12-24

Added

• Built-in scrubber :double_breakpoint which sees <br><br> and wraps the surrounding content in <p> tags. #279, #284 @josecolella @torihuang

Improved

• Built-in scrubber :targetblank now skips a tags whose href attribute is an anchor link. Previously, all a tags were modified to have target='_blank'. #291 @fnando

New Contributors

• @andrew made their first contribution in #289
• @fnando made their first contribution in #291
• @josecolella and @torihuang made their first contribution in #284

Full Changelog: v2.23.1...v2.24.0

2.23.1 / 2024-10-25

2.23.1 / 2024-10-25

Added

• Allow CSS properties min-height and max-height. [#288] @lazyatom

Full Changelog: v2.23.0...v2.23.1

2.23.0 / 2024-10-24

2.23.0 / 2024-10-24

Added

• Allow CSS property min-width. [#287] @lazyatom

New Contributors

• @m-nakamura145 made their first contribution in #280
• @lazyatom made their first contribution in #287

Full Changelog: v2.22.0...v2.23.0

2.22.0 / 2023-11-13

2.22.0 / 2023-11-13

Added

• A :targetblank HTML scrubber which ensures all hyperlinks have target="_blank". [#275] @stefannibrasil and @thdaraujo
• A :noreferrer HTML scrubber which ensures all hyperlinks have rel=noreferrer, similar to the :nofollow and :noopener scrubbers. [#277] @wynksaiddestroy

2.21.4 / 2023-10-10

2.21.4 / 2023-10-10

Fixed

• Loofah::HTML5::Scrub.scrub_css is more consistent in preserving whitespace (and lack of whitespace) in CSS property values. In particular, .scrub_css no longer inserts whitespace between tokens that did not already have whitespace between them. [#273, fixes #271]

2.21.3 / 2023-05-15

2.21.3 / 2023-05-15

• Quash "instance variable not initialized" warning in Ruby < 3.0. [#268] (Thanks, @dharamgollapudi!)

2.21.2 / 2023-05-11

2.21.2 / 2023-05-11

Dependencies

• Update the dependency on Nokogiri to be >= 1.12.0. The dependency in 2.21.0 and 2.21.1 was left at >= 1.5.9 but versions before 1.12 would result in a NameError exception. [#266]

2.21.1 / 2023-05-10

2.21.1 / 2023-05-10

Fixed

• Don't define HTML5::Document and HTML5::DocumentFragment when Nokogiri is < 1.14. In 2.21.0 these classes were defined whenever Nokogiri::HTML5 was defined, but Nokogiri v1.12 and v1.13 do not support Loofah subclassing properly.