Changes for version 1.04 - 2011-01-03

  • Change defang_and_add_to_output to delay the defanging until after the current tag is actually emmitted to the output
  • If url callback has marked the attribute as to be defanged, skip result of attribute callback
  • Track <a> tags as part of mismatched tag tracking
  • Replace magic constants of 0, 1 and 2 in HTML::Defang with exported constants DEFANG_NONE, DEFANG_ALWAYS and DEFANG_DEFAULT
  • allow attribute values upto 16384 chars long


Cleans HTML as well as CSS of scripting and other executable contents, and neutralises XSS attacks.