-------------------------------------------------------------------
Tue Mar 10 09:58:53 UTC 2026 - Nico Krapp <nico.krapp@suse.com>

- Update to 0.4.4
  * Fixed a bug where Unicode escapes in CSS were not properly decoded before
    security checks. This prevents attackers from bypassing filters using
    escape sequences. (CVE-2026-28348) (bsc#1259378)
  * Fixed a security issue where <base> tags could be used for URL hijacking
    attacks. The <base> tag is now automatically removed whenever the <head>
    tag is removed (via page_structure=True or manual configuration), as <base>
    must be inside <head> according to HTML specifications. (CVE-2026-28350)
    (bsc#1259379)

-------------------------------------------------------------------
Fri Oct 10 05:38:18 UTC 2025 - Steve Kowalik <steven.kowalik@suse.com>

- Update to 0.4.3:
  * Tests updated to work correctly with new lxml and libxml2 releases.
  * Python 3.6 and 3.7 are no longer tested.

-------------------------------------------------------------------
Fri Apr 11 20:57:19 UTC 2025 - Dirk Müller <dmueller@suse.com>

- update to 0.4.2:
  * lxml_html_clean now correctly handles HTML input as bytes as
    it did before the 0.2.0 release.

-------------------------------------------------------------------
Thu Nov 21 05:12:50 UTC 2024 - ecsos <ecsos@opensuse.org>

- Update to 0.4.1
  * Bugs fixed
    - Removed superfluous debug prints.
- Changes from 0.4.0
  * Bugs fixed
    - The Cleaner() now scans for hidden JavaScript code embedded
      within CSS comments. In certain contexts, such as within
      <svg> or <math> tags, <style> tags may lose their intended
      function, allowing comments like /* foo */ to potentially be
      executed by the browser. If a suspicious content is detected,
      only the comment is removed.
- Changes from 0.3.1
  * Features added
    - Do not parse URL addresses when it is not necessary.
- Changes from 0.3.0
  * Features added
    - Parsing of URL addresses has been enhanced and Cleaner
      removes ambiguous URLs.
- Changes from 0.2.2
  * Bugs fixed
    - sdist now includes all test files and changelog.
- Changes from 0.2.1
  * Bugs fixed
    - Memory efficiency is now much better for HTML pages where
      cleaner removes a lot of elements. (#14)
- Changes from 0.2.0
  * Features added
    - ASCII control characters (except HT, VT, CR and LF) are now
      removed from string inputs before they're parsed by lxml/libxml2.
- Fix boo#1233541

-------------------------------------------------------------------
Sun Jun 23 09:27:25 UTC 2024 - ecsos <ecsos@opensuse.org>

- Initial version 0.1.1