chore(release): 4.19.0 [skip ci]

# [4.19.0](https://github.com/ezyang/htmlpurifier/compare/v4.18.0...v4.19.0) (2025-10-17)

### Bug Fixes

* add warning for misleading option ([#433](https://github.com/ezyang/htmlpurifier/issues/433)) ([b21a591](b21a59101f))
* catastrophic backtracking in Core.AggressivelyFixLt ([#440](https://github.com/ezyang/htmlpurifier/issues/440)) ([418eeb7](418eeb7dc0))
* Deprecated: preg_replace(): Passing null to parameter [#3](https://github.com/ezyang/htmlpurifier/issues/3) ($subject) o… ([#421](https://github.com/ezyang/htmlpurifier/issues/421)) ([5d154a2](5d154a2393))
* non-substantive typos ([#434](https://github.com/ezyang/htmlpurifier/issues/434)) ([c2bc354](c2bc3549a3))

### Features

* Add CSS direction support ([#429](https://github.com/ezyang/htmlpurifier/issues/429)) ([63e631e](63e631ebd3))
* Add option for safe iframe hosts using array lookup ([#423](https://github.com/ezyang/htmlpurifier/issues/423)) ([b5cbf0c](b5cbf0cc3d))
* Allow more image widths by default ([#430](https://github.com/ezyang/htmlpurifier/issues/430)) ([00a0748](00a0748427))
* Define option URI.AllowedSymbols ([#447](https://github.com/ezyang/htmlpurifier/issues/447)) ([77ebd08](77ebd08632))
* PHP 8.4 support ([#441](https://github.com/ezyang/htmlpurifier/issues/441)) ([ff005f6](ff005f6edc))
* Support PHP 8.5 versions ([#453](https://github.com/ezyang/htmlpurifier/issues/453)) ([1eb05d9](1eb05d9864))

Doxyfile

@@ -31,7 +31,7 @@ PROJECT_NAME           = HTMLPurifier
 # This could be handy for archiving the generated documentation or
 # if some version control system is used.
 
-PROJECT_NUMBER         = 4.18.0
+PROJECT_NUMBER         = 4.19.0
 
 # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute)
 # base path where the generated documentation will be put.

NEWS

@@ -1,3 +1,23 @@
+# [4.19.0](https://github.com/ezyang/htmlpurifier/compare/v4.18.0...v4.19.0) (2025-10-17)
+
+
+### Bug Fixes
+
+* add warning for misleading option ([#433](https://github.com/ezyang/htmlpurifier/issues/433)) ([b21a591](https://github.com/ezyang/htmlpurifier/commit/b21a59101fe8b3e68185f4929a0bc44f4eb36653))
+* catastrophic backtracking in Core.AggressivelyFixLt ([#440](https://github.com/ezyang/htmlpurifier/issues/440)) ([418eeb7](https://github.com/ezyang/htmlpurifier/commit/418eeb7dc0e16a8cbba4393bf8f51aa91f9112f9))
+* Deprecated: preg_replace(): Passing null to parameter [#3](https://github.com/ezyang/htmlpurifier/issues/3) ($subject) o… ([#421](https://github.com/ezyang/htmlpurifier/issues/421)) ([5d154a2](https://github.com/ezyang/htmlpurifier/commit/5d154a239367e8886a1d1d67d68ff015cafa6814))
+* non-substantive typos ([#434](https://github.com/ezyang/htmlpurifier/issues/434)) ([c2bc354](https://github.com/ezyang/htmlpurifier/commit/c2bc3549a392722ab3b5aa4de973673db9e1708f))
+
+
+### Features
+
+* Add CSS direction support ([#429](https://github.com/ezyang/htmlpurifier/issues/429)) ([63e631e](https://github.com/ezyang/htmlpurifier/commit/63e631ebd34f40d702adfb61fe00a5c9631ba443))
+* Add option for safe iframe hosts using array lookup ([#423](https://github.com/ezyang/htmlpurifier/issues/423)) ([b5cbf0c](https://github.com/ezyang/htmlpurifier/commit/b5cbf0cc3da70ded91e8b118e2a582026b1e6d61))
+* Allow more image widths by default ([#430](https://github.com/ezyang/htmlpurifier/issues/430)) ([00a0748](https://github.com/ezyang/htmlpurifier/commit/00a0748427d08e0c462e65cdd192bdc921c532ac))
+* Define option URI.AllowedSymbols ([#447](https://github.com/ezyang/htmlpurifier/issues/447)) ([77ebd08](https://github.com/ezyang/htmlpurifier/commit/77ebd086321fb68bbcdb65f3c68ce15d23573172))
+* PHP 8.4 support ([#441](https://github.com/ezyang/htmlpurifier/issues/441)) ([ff005f6](https://github.com/ezyang/htmlpurifier/commit/ff005f6edc4d55f03d756c2d25141c4278286137))
+* Support PHP 8.5 versions ([#453](https://github.com/ezyang/htmlpurifier/issues/453)) ([1eb05d9](https://github.com/ezyang/htmlpurifier/commit/1eb05d9864620e926535ce2131803acd2a6d7a4d))
+
 # [4.18.0](https://github.com/ezyang/htmlpurifier/compare/v4.17.0...v4.18.0) (2024-11-01)
 
 

VERSION

@@ -1 +1 @@
-4.18.0
+4.19.0

configdoc/usage.xml

@@ -11,7 +11,7 @@
   <file name="HTMLPurifier/Lexer/DirectLex.php">
    <line>67</line>
    <line>87</line>
-   <line>385</line>
+   <line>363</line>
   </file>
   <file name="HTMLPurifier/Strategy/RemoveForeignElements.php">
    <line>57</line>
@@ -19,37 +19,37 @@
  </directive>
  <directive id="CSS.MaxImgLength">
   <file name="HTMLPurifier/CSSDefinition.php">
-   <line>253</line>
+   <line>258</line>
   </file>
  </directive>
  <directive id="CSS.Proprietary">
   <file name="HTMLPurifier/CSSDefinition.php">
-   <line>397</line>
+   <line>402</line>
   </file>
  </directive>
  <directive id="CSS.AllowTricky">
   <file name="HTMLPurifier/CSSDefinition.php">
-   <line>401</line>
+   <line>406</line>
   </file>
  </directive>
  <directive id="CSS.Trusted">
   <file name="HTMLPurifier/CSSDefinition.php">
-   <line>405</line>
+   <line>410</line>
   </file>
  </directive>
  <directive id="CSS.AllowImportant">
   <file name="HTMLPurifier/CSSDefinition.php">
-   <line>409</line>
+   <line>414</line>
   </file>
  </directive>
  <directive id="CSS.AllowedProperties">
   <file name="HTMLPurifier/CSSDefinition.php">
-   <line>538</line>
+   <line>543</line>
   </file>
  </directive>
  <directive id="CSS.ForbiddenProperties">
   <file name="HTMLPurifier/CSSDefinition.php">
-   <line>554</line>
+   <line>559</line>
   </file>
  </directive>
  <directive id="Cache.DefinitionImpl">
@@ -80,18 +80,18 @@
  <directive id="Core.Encoding">
   <file name="HTMLPurifier/Encoder.php">
    <line>380</line>
-   <line>428</line>
+   <line>427</line>
   </file>
  </directive>
  <directive id="Test.ForceNoIconv">
   <file name="HTMLPurifier/Encoder.php">
    <line>388</line>
-   <line>439</line>
+   <line>438</line>
   </file>
  </directive>
  <directive id="Core.EscapeNonASCIICharacters">
   <file name="HTMLPurifier/Encoder.php">
-   <line>429</line>
+   <line>428</line>
   </file>
  </directive>
  <directive id="Output.CommentScriptContents">
@@ -139,37 +139,37 @@
  </directive>
  <directive id="HTML.Parent">
   <file name="HTMLPurifier/HTMLDefinition.php">
-   <line>273</line>
+   <line>272</line>
   </file>
  </directive>
  <directive id="HTML.AllowedElements">
   <file name="HTMLPurifier/HTMLDefinition.php">
-   <line>291</line>
+   <line>286</line>
   </file>
  </directive>
  <directive id="HTML.AllowedAttributes">
   <file name="HTMLPurifier/HTMLDefinition.php">
-   <line>292</line>
+   <line>287</line>
   </file>
  </directive>
  <directive id="HTML.Allowed">
   <file name="HTMLPurifier/HTMLDefinition.php">
-   <line>295</line>
+   <line>290</line>
   </file>
  </directive>
  <directive id="HTML.ForbiddenElements">
   <file name="HTMLPurifier/HTMLDefinition.php">
-   <line>399</line>
+   <line>394</line>
   </file>
  </directive>
  <directive id="HTML.ForbiddenAttributes">
   <file name="HTMLPurifier/HTMLDefinition.php">
-   <line>400</line>
+   <line>395</line>
   </file>
  </directive>
  <directive id="HTML.Trusted">
   <file name="HTMLPurifier/HTMLModuleManager.php">
-   <line>234</line>
+   <line>230</line>
   </file>
   <file name="HTMLPurifier/Lexer.php">
    <line>304</line>
@@ -193,32 +193,32 @@
  </directive>
  <directive id="HTML.AllowedModules">
   <file name="HTMLPurifier/HTMLModuleManager.php">
-   <line>241</line>
+   <line>237</line>
   </file>
  </directive>
  <directive id="HTML.CoreModules">
   <file name="HTMLPurifier/HTMLModuleManager.php">
-   <line>242</line>
+   <line>238</line>
   </file>
  </directive>
  <directive id="HTML.Proprietary">
   <file name="HTMLPurifier/HTMLModuleManager.php">
-   <line>256</line>
+   <line>252</line>
   </file>
  </directive>
  <directive id="HTML.SafeObject">
   <file name="HTMLPurifier/HTMLModuleManager.php">
-   <line>259</line>
+   <line>255</line>
   </file>
  </directive>
  <directive id="HTML.SafeEmbed">
   <file name="HTMLPurifier/HTMLModuleManager.php">
-   <line>262</line>
+   <line>258</line>
   </file>
  </directive>
  <directive id="HTML.SafeScripting">
   <file name="HTMLPurifier/HTMLModuleManager.php">
-   <line>265</line>
+   <line>261</line>
   </file>
   <file name="HTMLPurifier/HTMLModule/SafeScripting.php">
    <line>22</line>
@@ -226,22 +226,22 @@
  </directive>
  <directive id="HTML.Nofollow">
   <file name="HTMLPurifier/HTMLModuleManager.php">
-   <line>268</line>
+   <line>264</line>
   </file>
  </directive>
  <directive id="HTML.TargetBlank">
   <file name="HTMLPurifier/HTMLModuleManager.php">
-   <line>271</line>
+   <line>267</line>
   </file>
  </directive>
  <directive id="HTML.TargetNoreferrer">
   <file name="HTMLPurifier/HTMLModuleManager.php">
-   <line>276</line>
+   <line>272</line>
   </file>
  </directive>
  <directive id="HTML.TargetNoopener">
   <file name="HTMLPurifier/HTMLModuleManager.php">
-   <line>279</line>
+   <line>275</line>
   </file>
  </directive>
  <directive id="Attr.IDBlacklist">
@@ -304,6 +304,11 @@
    <line>35</line>
   </file>
  </directive>
+ <directive id="URI.AllowedSymbols">
+  <file name="HTMLPurifier/URI.php">
+   <line>111</line>
+  </file>
+ </directive>
  <directive id="URI.">
   <file name="HTMLPurifier/URIDefinition.php">
    <line>65</line>
@@ -406,7 +411,7 @@
  </directive>
  <directive id="Attr.">
   <file name="HTMLPurifier/AttrDef/HTML/LinkTypes.php">
-   <line>46</line>
+   <line>41</line>
   </file>
  </directive>
  <directive id="Core.AllowHostnameUnderscore">
@@ -462,13 +467,13 @@
  </directive>
  <directive id="Cache.SerializerPath">
   <file name="HTMLPurifier/DefinitionCache/Serializer.php">
-   <line>185</line>
+   <line>186</line>
   </file>
  </directive>
  <directive id="Cache.SerializerPermissions">
   <file name="HTMLPurifier/DefinitionCache/Serializer.php">
-   <line>202</line>
-   <line>218</line>
+   <line>203</line>
+   <line>219</line>
   </file>
  </directive>
  <directive id="Filter.ExtractStyleBlocks.TidyImpl">
@@ -552,12 +557,12 @@
  </directive>
  <directive id="Core.AllowParseManyTags">
   <file name="HTMLPurifier/Lexer/DOMLex.php">
-   <line>72</line>
+   <line>65</line>
   </file>
  </directive>
  <directive id="Core.RemoveBlanks">
   <file name="HTMLPurifier/Lexer/DOMLex.php">
-   <line>75</line>
+   <line>68</line>
   </file>
  </directive>
  <directive id="Core.DirectLexLineNumberSyncInterval">
@@ -610,7 +615,7 @@
  </directive>
  <directive id="URI.SafeIframeHosts">
   <file name="HTMLPurifier/URIFilter/SafeIframe.php">
-   <line>67</line>
+   <line>64</line>
   </file>
  </directive>
 </usage>

library/HTMLPurifier.includes.php

@@ -7,7 +7,7 @@
  * primary concern and you are using an opcode cache. PLEASE DO NOT EDIT THIS
  * FILE, changes will be overwritten the next time the script is run.
  *
- * @version 4.18.0
+ * @version 4.19.0
  *
  * @warning
  *      You must *not* include any other HTML Purifier files before this file,

library/HTMLPurifier.php

@@ -19,7 +19,7 @@
  */
 
 /*
-    HTML Purifier 4.18.0 - Standards Compliant HTML Filtering
+    HTML Purifier 4.19.0 - Standards Compliant HTML Filtering
     Copyright (C) 2006-2008 Edward Z. Yang
 
     This library is free software; you can redistribute it and/or
@@ -58,12 +58,12 @@ class HTMLPurifier
      * Version of HTML Purifier.
      * @type string
      */
-    public $version = '4.18.0';
+    public $version = '4.19.0';
 
     /**
      * Constant with version of HTML Purifier.
      */
-    const VERSION = '4.18.0';
+    const VERSION = '4.19.0';
 
     /**
      * Global configuration object.

library/HTMLPurifier/Config.php

@@ -21,7 +21,7 @@ class HTMLPurifier_Config
      * HTML Purifier's version
      * @type string
      */
-    public $version = '4.18.0';
+    public $version = '4.19.0';
 
     /**
      * Whether or not to automatically finalize