Nokogiri follows Semantic Versioning, please see the README.md for details.
[Windows CRuby] Work around segfault at process exit on Windows when using libxml2 system DLLs.
libxml 2.9.12 introduced new behavior to avoid memory leaks when unloading libxml2 shared libraries (see libxml/!66). Early testing caught this segfault on non-Windows platforms (see #2059 and libxml@956534e) but it was incompletely fixed and is still an issue on Windows platforms that are using system DLLs.
We work around this by configuring libxml2 in this situation to use its default memory management functions. Note that if Nokogiri is not on Windows, or is not using shared system libraries, it will will continue to configure libxml2 to use Ruby's memory management functions. Nokogiri::VERSION_INFO["libxml"]["memory_management"]
will allow you to verify when the default memory management functions are being used. [#2241]
Nokogiri::VERSION_INFO["libxml"]
now contains the key "memory_management"
to declare whether libxml2 is using its default
memory management functions, or whether it uses the memory management functions from ruby
. See above for more details.
[CRuby] Vendored libxml2 upgraded to v2.9.12 which addresses:
Note that two additional CVEs were addressed upstream but are not relevant to this release. CVE-2021-3516 via xmllint
is not present in Nokogiri, and CVE-2020-7595 has been patched in Nokogiri since v1.10.8 (see #1992).
Please see nokogiri/GHSA-7rrm-v45f-jp64 or #2233 for a more complete analysis of these CVEs and patches.
- [CRuby] vendored libxml2 is updated from 2.9.10 to 2.9.12. (Note that 2.9.11 was skipped because it was superseded by 2.9.12 a few hours after its release.)
- [CRuby] Passing non-
Node
objects toDocument#root=
now raises anArgumentError
exception. Previously this likely segfaulted. [#1900] - [JRuby] Passing non-
Node
objects toDocument#root=
now raises anArgumentError
exception. Previously this raised aTypeError
exception. - [CRuby] arm64/aarch64 systems (like Apple's M1) can now compile libxml2 and libxslt from source (though we continue to strongly advise users to install the native gems for the best possible experience)
- [CRuby]
NodeSet
may now safely containNode
objects from multiple documents. Previously the GC lifecycle of the parentDocument
objects could lead to nodes being GCed while still in scope. [#1952] - [CRuby] Patch libxml2 to avoid "huge input lookup" errors on large CDATA elements. (See upstream GNOME/libxml2#200 and GNOME/libxml2!100.) [#2132].
- [CRuby+Windows] Enable Nokogumbo (and other downstream gems) to compile and link against
nokogiri.so
by includingLDFLAGS
inNokogiri::VERSION_INFO
. [#2167] - [CRuby]
{XML,HTML}::Document.parse
now invokes#initialize
exactly once. Previously#initialize
was invoked twice on each object. - [JRuby]
{XML,HTML}::Document.parse
now invokes#initialize
exactly once. Previously#initialize
was not called, which was a problem for subclassing such as done byLoofah
.
- Reduce the number of object allocations needed when parsing an HTML::DocumentFragment. [#2087] (Thanks, @ashmaroli!)
- [JRuby] Update the algorithm used to calculate
Node#line
to be wrong less-often. The underlying parser, Xerces, does not track line numbers, and so we've always used a hacky solution for this method. [#1223, #2177] - Introduce
--enable-system-libraries
and--disable-system-libraries
flags toextconf.rb
. These flags provide the same functionality as--use-system-libraries
and theNOKOGIRI_USE_SYSTEM_LIBRARIES
environment variable, but are more idiomatic. [#2193] (Thanks, @eregon!) - [TruffleRuby]
--disable-static
is now the default on TruffleRuby when the packaged libraries are used. This is more flexible and compiles faster. (Note, though, that the default on TR is still to use system libraries.) [#2191, #2193] (Thanks, @eregon!)
Nokogiri::XML::Path
is now a Module (previously it has been a Class). It has been acting solely as a Module since v1.0.0. See 8461c74.
- [CRuby] If
libxml-ruby
is loaded beforenokogiri
, the SAX and Push parsers no longer calllibxml-ruby
's handlers. Instead, they defensively override the libxml2 global handler before parsing. [#2168]
"Native gems" contain pre-compiled libraries for a specific machine architecture. On supported platforms, this removes the need for compiling the C extension and the packaged libraries. This results in much faster installation and more reliable installation, which as you probably know are the biggest headaches for Nokogiri users.
We've been shipping native Windows gems since 2009, but starting in v1.11.0 we are also shipping native gems for these platforms:
- Linux:
x86-linux
andx86_64-linux
-- including musl platforms like alpine - OSX/Darwin:
x86_64-darwin
andarm64-darwin
We'd appreciate your thoughts and feedback on this work at #2075.
This release introduces support for Ruby 2.7 and 3.0 in the precompiled native gems.
This release ends support for:
- Ruby 2.3, for which official support ended on 2019-03-31 [#1886] (Thanks @ashmaroli!)
- Ruby 2.4, for which official support ended on 2020-04-05
- JRuby 9.1, which is the Ruby 2.3-compatible release.
- Explicitly add racc as a runtime dependency. [#1988] (Thanks, @voxik!)
- [MRI] Upgrade mini_portile2 dependency from
~> 2.4.0
to~> 2.5.0
[#2005] (Thanks, @alejandroperea!)
See note below about CVE-2020-26247 in the "Changed" subsection entitled "XML::Schema parsing treats input as untrusted by default".
- Add Node methods for manipulating "keyword attributes" (for example,
class
andrel
):#kwattr_values
,#kwattr_add
,#kwattr_append
, and#kwattr_remove
. [#2000] - Add support for CSS queries
a:has(> b)
,a:has(~ b)
, anda:has(+ b)
. [#688] (Thanks, @jonathanhefner!) - Add
Node#value?
to better match expected semantics of a Hash-like object. [#1838, #1840] (Thanks, @MatzFan!) - [CRuby] Add
Nokogiri::XML::Node#line=
for use by downstream libs like nokogumbo. [#1918] (Thanks, @stevecheckoway!) nokogiri.gemspec
is back after a 10-year hiatus. We still prefer you use the official releases, butmain
is pretty stable these days, and YOLO.
- [CRuby] The CSS
~=
operator and class selector.
are about 2x faster. [#2137, #2135] - [CRuby] Patch libxml2 to call
strlen
fromxmlStrlen
rather than the naive implementation, becausestrlen
is generally optimized for the architecture. [#2144] (Thanks, @ilyazub!) - Improve performance of some namespace operations. [#1916] (Thanks, @ashmaroli!)
- Remove unnecessary array allocations from Node serialization methods [#1911] (Thanks, @ashmaroli!)
- Avoid creation of unnecessary zero-length String objects. [#1970] (Thanks, @ashmaroli!)
- Always compile libxml2 and libxslt with '-O2' [#2022, #2100] (Thanks, @ilyazub!)
- [JRuby] Lots of code cleanup and performance improvements. [#1934] (Thanks, @kares!)
- [CRuby]
RelaxNG.from_document
no longer leaks memory. [#2114]
- [CRuby] Handle incorrectly-closed HTML comments as WHATWG recommends for browsers. [#2058] (Thanks to HackerOne user mayflower for reporting this!)
- {HTML,XML}::Document#parse now accept
Pathname
objects. Previously this worked only if the referenced file was less than 4096 bytes long; longer files resulted in undefined behavior because theread
method would be repeatedly invoked. [#1821, #2110] (Thanks, @doriantaylor and @phokz!) - [CRuby] Nokogumbo builds faster because it can now use header files provided by Nokogiri. [#1788] (Thanks, @stevecheckoway!)
- Add
frozen_string_literal: true
magic comment to alllib
files. [#1745] (Thanks, @oniofchaos!) - [JRuby] Clean up deprecated calls into JRuby. [#2027] (Thanks, @headius!)
- HTML Parsing in "strict" mode (i.e., the
RECOVER
parse option not set) now correctly raises aXML::SyntaxError
exception. Previously the value of theRECOVER
bit was being ignored by CRuby and was misinterpreted by JRuby. [#2130] - The CSS
~=
operator now correctly handles non-space whitespace in theclass
attribute. commit e45dedd - The switch to turn off the CSS-to-XPath cache is now thread-local, rather than being shared mutable state. [#1935]
- The Node methods
add_previous_sibling
,previous=
,before
,add_next_sibling
,next=
,after
,replace
, andswap
now correctly use their parent as the context node for parsing markup. These methods now also raise aRuntimeError
if they are called on a node with no parent. [nokogumbo#160] - [JRuby] XML::Schema XSD validation errors are captured in
XML::Schema#errors
. These errors were previously ignored. - [JRuby] Standardize reading from IO like objects, including StringIO. [#1888, #1897]
- [JRuby] Fix how custom XPath function namespaces are inferred to be less naive. [#1890, #2148]
- [JRuby] Clarify exception message when custom XPath functions can't be resolved.
- [JRuby] Comparison of Node to Document with
Node#<=>
now matches CRuby/libxml2 behavior. - [CRuby] Syntax errors are now correctly captured in
Document#errors
for short HTML documents. Previously the SAX parser used for encoding detection was clobbering libxml2's global error handler. - [CRuby] Fixed installation on AIX with respect to
vasprintf
. [#1908] - [CRuby] On some platforms, avoid symbol name collision with glibc's
canonicalize
. [#2105] - [Windows Visual C++] Fixed compiler warnings and errors. [#2061, #2068]
- [CRuby] Fixed Nokogumbo integration which broke in the v1.11.0 release candidates. [#1788] (Thanks, @stevecheckoway!)
- [JRuby] Fixed document encoding regression in v1.11.0 release candidates. [#2080, #2083] (Thanks, @thbar!)
- The internal method
Nokogiri::CSS::Parser.cache_on=
has been removed. Use.set_cache
if you need to muck with the cache internals. - The class method
Nokogiri::CSS::Parser.parse
has been removed. This was originally deprecated in 2009 in 13db61b. UseNokogiri::CSS.parse
instead.
Address CVE-2020-26247.
In Nokogiri versions <= 1.11.0.rc3, XML Schemas parsed by Nokogiri::XML::Schema
were trusted by default, allowing external resources to be accessed over the network, potentially enabling XXE or SSRF attacks.
This behavior is counter to the security policy intended by Nokogiri maintainers, which is to treat all input as untrusted by default whenever possible.
Please note that this security fix was pushed into a new minor version, 1.11.x, rather than a patch release to the 1.10.x branch, because it is a breaking change for some schemas and the risk was assessed to be "Low Severity".
More information and instructions for enabling "trusted input" behavior in v1.11.0.rc4 and later is available at the public advisory.
(Also noted above in the "Fixed" section) HTML Parsing in "strict" mode (i.e., the RECOVER
parse option not set) now correctly raises a XML::SyntaxError
exception. Previously the value of the RECOVER
bit was being ignored by CRuby and was misinterpreted by JRuby.
If you're using the default parser options, you will be unaffected by this fix. If you're passing strict
or norecover
to your HTML parser call, you may be surprised to see that the parser now fails to recover and raises a XML::SyntaxError
exception. Given the number of HTML documents on the internet that libxml2 would consider to be ill-formed, this is probably not what you want, and you can omit setting that parse option to restore the behavior that you have been relying upon.
Apologies to anyone inconvenienced by this breaking bugfix being present in a minor release, but I felt it was appropriate to introduce this fix because it's straightforward to fix any code that has been relying on this buggy behavior.
This release changes the metadata provided in Nokogiri::VersionInfo
which also affects the output of nokogiri -v
. Some related constants have also been changed. If you're using VersionInfo
programmatically, or relying on constants related to underlying library versions, please read the detailed changes for Nokogiri::VersionInfo
at #2139 and accept our apologies for the inconvenience.
- [MRI] Cross-built Windows gems now support Ruby 2.7 [#2029]. Note that prior to this release, the v1.11.x prereleases provided this support.
- [MRI] Raise an exception when Nokogiri detects a specific libxml2 edge case involving blank Schema nodes wrapped by Ruby objects that would cause a segfault. Currently no fix is available upstream, so we're preventing a dangerous operation and informing users to code around it if possible. [#1985, #2001]
- [JRuby] Change
NodeSet#to_a
to return a RubyArray instead of Object, for compilation under JRuby 9.2.9 and later. [#1968, #1969] (Thanks, @headius!)
[MRI] Pulled in upstream patch from libxml that addresses CVE-2020-7595. Full details are available in #1992. Note that this patch is not yet (as of 2020-02-10) in an upstream release of libxml.
- [MRI] Ensure the patch applied in v1.10.6 works with GNU
patch
. [#1954]
[MRI] Vendored libxslt upgraded to v1.1.34 which addresses three CVEs for libxslt:
- CVE-2019-13117
- CVE-2019-13118
- CVE-2019-18197
- CVE-2019-19956
More details are available at #1943.
- [MRI] vendored libxml2 is updated from 2.9.9 to 2.9.10
- [MRI] vendored libxslt is updated from 1.1.33 to 1.1.34
Address CVE-2019-5477 (#1915).
A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess by Ruby's Kernel.open
method. Processes are vulnerable only if the undocumented method Nokogiri::CSS::Tokenizer#load_file
is being passed untrusted user input.
This vulnerability appears in code generated by the Rexical gem versions v1.0.6 and earlier. Rexical is used by Nokogiri to generate lexical scanner code for parsing CSS queries. The underlying vulnerability was addressed in Rexical v1.0.7 and Nokogiri upgraded to this version of Rexical in Nokogiri v1.10.4.
This CVE's public notice is #1915
[MRI] Pulled in upstream patch from libxslt that addresses CVE-2019-11068. Full details are available in #1892. Note that this patch is not yet (as of 2019-04-22) in an upstream release of libxslt.
- [MRI] Remove support from vendored libxml2 for future script macros. [#1871]
- [MRI] Remove support from vendored libxml2 for server-side includes within attributes. [#1877]
- [JRuby] Fix node ownership in duplicated documents. [#1060]
- [JRuby] Rethrow exceptions caught by Java SAX handler. [#1847, #1872] (Thanks, @adjam!)
- [MRI] During installation, handle Xcode 10's new library path. [#1801, #1851] (Thanks, @mlj and @deepj!)
- Avoid unnecessary creation of
Proc
s in many methods. [#1776] (Thanks, @chopraanmol1!)
- CSS selector
:has()
now correctly matches against any descendant. Previously this selector matched against only direct children). [#350] (Thanks, @Phrogz!) NodeSet#attr
now returnsnil
if it's empty. Previously this raised a NoMethodError.- [MRI] XPath errors are no longer suppressed during
XSLT::Stylesheet#transform
. Previously these errors were suppressed which led to silent failures and a subsequent segfault. [#1802]
- This release ends support for Ruby 2.2, for which official support ended on 2018-03-31 [#1841]
- This release ends support for JRuby 1.7, for which official support ended on 2017-11-21 [#1741]
- [MRI] libxml2 is updated from 2.9.8 to 2.9.9
- [MRI] libxslt is updated from 1.1.32 to 1.1.33
- Fix a bug introduced in v1.9.0 where
XML::DocumentFragment#dup
no longer returned an instance of the callee's class, instead always returning anXML::DocumentFragment
. This notably broke any subclass ofXML::DocumentFragment
includingHTML::DocumentFragment
as well as the Loofah gem'sLoofah::HTML::DocumentFragment
. [#1846]
- [JRuby] Upgrade Xerces dependency from 2.11.0 to 2.12.0 to address upstream vulnerability CVE-2012-0881 [#1831] (Thanks @grajagandev for reporting.)
- Decrease installation size by removing many unneeded files (e.g.,
/test
) from the packaged gems. [#1719] (Thanks, @stevecrozz!)
XML::Attr#value=
allows HTML node attribute values to be set to either a blank string or an empty boolean attribute. [#1800]- Introduce
XML::Node#wrap
which does whatXML::NodeSet#wrap
has always done, but for a single node. [#1531] (Thanks, @ethirajsrinivasan!) - [MRI] Improve installation experience on macOS High Sierra (Darwin). [#1812, #1813] (Thanks, @gpakosz and @nurse!)
- [MRI] Node#dup supports copying a node directly to a new document. See the method documentation for details.
- [MRI] DocumentFragment#dup is now more memory-efficient, avoiding making unnecessary copies. [#1063]
- [JRuby] NodeSet has been rewritten to improve performance! [#1795]
NodeSet#each
now returnsself
instead of zero. [#1822] (Thanks, @olehif!)- [MRI] Address a memory leak when using XML::Builder to create nodes with namespaces. [#1810]
- [MRI] Address a memory leak when unparenting a DTD. [#1784] (Thanks, @stevecheckoway!)
- [MRI] Use RbConfig::CONFIG instead of ::MAKEFILE_CONFIG to fix installations that use Makefile macros. [#1820] (Thanks, @nobu!)
- [JRuby] Decrease large memory usage when making nested XPath queries. [#1749]
- [JRuby] Fix failing tests on JRuby 9.2.x
- [JRuby] Fix default namespaces in nodes reparented into a different document [#1774]
- [JRuby] Fix support for Java 9. [#1759] (Thanks, @Taywee!)
- [MRI] Upgrade mini_portile2 dependency from
~> 2.3.0
to~> 2.4.0
[MRI] Pulled in upstream patches from libxml2 that address CVE-2018-14404 and CVE-2018-14567. Full details are available in #1785. Note that these patches are not yet (as of 2018-10-04) in an upstream release of libxml2.
- [MRI] Fix regression in installation when building against system libraries, where some systems would not be able to find libxml2 or libxslt when present. (Regression introduced in v1.8.3.) [#1722]
- [JRuby] Fix node reparenting when the destination doc is empty. [#1773]
- [MRI] Fix memory leak when creating nodes with namespaces. (Introduced in v1.5.7) [#1771]
[MRI] Behavior in libxml2 has been reverted which caused CVE-2018-8048 (loofah gem), CVE-2018-3740 (sanitize gem), and CVE-2018-3741 (rails-html-sanitizer gem). The commit in question is here:
and more information is available about this commit and its impact here:
This release simply reverts the libxml2 commit in question to protect users of Nokogiri's vendored libraries from similar vulnerabilities.
If you're offended by what happened here, I'd kindly ask that you comment on the upstream bug report here:
[MRI] Vendored libxml2 upgraded to v2.9.8 which addresses CVE-2016-9318 [#1582].
- [MRI] libxml2 is updated from 2.9.7 to 2.9.8
- Node#classes, #add_class, #append_class, and #remove_class are added.
- NodeSet#append_class is added.
- NodeSet#remove_attribute is a new alias for NodeSet#remove_attr.
- NodeSet#each now returns an Enumerator when no block is passed (Thanks, @park53kr!)
- [JRuby] General improvements in JRuby implementation (Thanks, @kares!)
- CSS attribute selectors now gracefully handle queries using integers. [#711]
- Handle ASCII-8BIT encoding on fragment input [#553]
- Handle non-string return values within
Reader
[#898] - [JRuby] Allow Node#replace to insert Comment and CDATA nodes. [#1666]
- [JRuby] Stability and speed improvements to
Node
,Sax::PushParser
, and the JRuby implementation [#1708, #1710, #1501]
[MRI] The update of vendored libxml2 from 2.9.5 to 2.9.7 addresses at least one published vulnerability, CVE-2017-15412. [#1714 has complete details]
- [MRI] libxml2 is updated from 2.9.5 to 2.9.7
- [MRI] libxslt is updated from 1.1.30 to 1.1.32
- [MRI] OpenBSD installation should be a bit easier now. [#1685] (Thanks, @jeremyevans!)
- [MRI] Cross-built Windows gems now support Ruby 2.5
- Node#serialize once again returns UTF-8-encoded strings. [#1659]
- [JRuby] made SAX parsing of characters consistent with C implementation [#1676] (Thanks, [@andrew-aladev](https://github.com/andrew-aladev)!)
- [MRI] Predefined entities, when inspected, no longer cause a segfault. [#1238]
- [MRI] libxml2 is updated from 2.9.4 to 2.9.5.
- [MRI] libxslt is updated from 1.1.29 to 1.1.30.
- [MRI] optional dependency on the pkg-config gem has had its constraint loosened to
~> 1.1
(from~> 1.1.7
). [#1660] - [MRI] Upgrade mini_portile2 dependency from
~> 2.2.0
to~> 2.3.0
, which will validate checksums on the vendored libxml2 and libxslt tarballs before using them.
- NodeSet#first with an integer argument longer than the length of the NodeSet now correctly clamps the length of the returned NodeSet to the original length. [#1650] (Thanks, @Derenge!)
- [MRI] Ensure CData.new raises TypeError if the
content
argument is not implicitly convertible into a string. [#1669]
This release ends support for Ruby 2.1 on Windows in the x86-mingw32
and x64-mingw32
platform gems (containing pre-compiled DLLs). Official support ended for Ruby 2.1 on 2017-04-01.
Please note that this deprecation note only applies to the precompiled Windows gems. Ruby 2.1 continues to be supported (for now) in the default gem when compiled on installation.
- [Windows] Upgrade iconv from 1.14 to 1.15 (unless --use-system-libraries)
- [Windows] Upgrade zlib from 1.2.8 to 1.2.11 (unless --use-system-libraries)
- [MRI] Upgrade rake-compiler dependency from 0.9.2 to 1.0.3
- [MRI] Upgrade mini-portile2 dependency from
~> 2.1.0
to~> 2.2.0
- [JRuby] Removed support for
jruby --1.8
code paths. [#1607] (Thanks, @kares!) - [MRI Windows] Retrieve zlib source from http://zlib.net/fossils to avoid deprecation issues going forward. See #1632 for details around this problem.
- NodeSet#clone is now an alias for NodeSet#dup [#1503] (Thanks, @stephankaag!)
- Allow Processing Instructions and Comments as children of a document root. [#1033] (Thanks, @windwiny!)
- [MRI] PushParser#replace_entities and #replace_entities= will control whether entities are replaced or not. [#1017] (Thanks, @spraints!)
- [MRI] SyntaxError#to_s now includes line number, column number, and log level if made available by the parser. [#1304, #1637] (Thanks, @spk and @ccarruitero!)
- [MRI] Cross-built Windows gems now support Ruby 2.4
- [MRI] Support for frozen string literals. [#1413]
- [MRI] Support for installing Nokogiri on a machine in FIPS-enabled mode [#1544]
- [MRI] Vendored libraries are verified with SHA-256 hashes (formerly some MD5 hashes were used) [#1544]
- [JRuby] (performance) remove unnecessary synchronization of class-cache [#1563] (Thanks, @kares!)
- [JRuby] (performance) remove unnecessary cloning of objects in XPath searches [#1563] (Thanks, @kares!)
- [JRuby] (performance) more performance improvements, particularly in XPath, Reader, XmlNode, and XmlNodeSet [#1597] (Thanks, @kares!)
- HTML::SAX::Parser#parse_io now correctly parses HTML and not XML [#1577] (Thanks for the test case, @gregors!)
- Support installation on systems with a
lib64
site config. [#1562] - [MRI] on OpenBSD, do not require gcc if using system libraries [#1515] (Thanks, @jeremyevans!)
- [MRI] XML::Attr.new checks type of Document arg to prevent segfaults. [#1477]
- [MRI] Prefer xmlCharStrdup (and friends) to strdup (and friends), which can cause problems on some platforms. [#1517] (Thanks, @jeremy!)
- [JRuby] correctly append a text node before another text node [#1318] (Thanks, @jkraemer!)
- [JRuby] custom xpath functions returning an integer now work correctly [#1595] (Thanks, @kares!)
- [JRuby] serializing (
#to_html
,#to_s
, et al) a document with explicit encoding now works correctly. [#1281, #1440] (Thanks, @kares!) - [JRuby] XML::Reader now returns parse errors [#1586] (Thanks, @kares!)
- [JRuby] Empty NodeSets are now decorated properly. [#1319] (Thanks, @kares!)
- [JRuby] Merged nodes no longer results in Java exceptions during XPath queries. [#1320] (Thanks, @kares!)
[MRI] Upstream libxslt patches are applied to the vendored libxslt 1.1.29 which address CVE-2017-5029 and CVE-2016-4738.
For more information:
- #1634
- http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5029.html
- http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4738.html
[MRI] Upstream libxml2 patches are applied to the vendored libxml 2.9.4 which address CVE-2016-4658 and CVE-2016-5131.
For more information:
- #1615
- http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4658.html
- http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5131.html
- Remove deprecation warnings in Ruby 2.4.0 (#1545) (Thanks, @matthewd!)
- Support egcc compiler on OpenBSD (#1543) (Thanks, @frenkel and @knu!)
This release ends support for:
- Ruby 1.9.2, for which official support ended on 2014-07-31
- Ruby 1.9.3, for which official support ended on 2015-02-23
- Ruby 2.0.0, for which official support ended on 2016-02-24
- MacRuby, which hasn't been actively supported since 2015-01-13 (see https://github.com/MacRuby/MacRuby/commit/f76b9d6e99c18236db617e8aceb12c27d593a483)
Removes required dependency on the pkg-config
gem. This dependency
was introduced in v1.6.8 and, because it's distributed under LGPL, was
objectionable to many Nokogiri users (#1488, #1496).
This version makes pkg-config
an optional dependency. If it's
installed, it's used; but otherwise Nokogiri will attempt to work
around its absence.
[MRI] Bundled libxml2 is upgraded to 2.9.4, which fixes many security issues. Many of these had previously been patched in the vendored libxml 2.9.2 in the 1.6.7.x branch, but some are newer.
See these libxml2 email posts for more:
- https://mail.gnome.org/archives/xml/2015-November/msg00012.html
- https://mail.gnome.org/archives/xml/2016-May/msg00023.html
For a more detailed analysis, you may care to read Canonical's take on these security issues:
[MRI] Bundled libxslt is upgraded to 1.1.29, which fixes a security issue as well as many long-known outstanding bugs, some features, some portability improvements, and general cleanup.
See this libxslt email post for more:
Several changes were made to improve performance:
- [MRI] Simplify NodeSet#to_a with a minor speed-up. (#1397)
- XML::Node#ancestors optimization. (#1297) (Thanks, Bruno Sutic!)
- Use Symbol#to_proc where we weren't previously. (#1296) (Thanks, Bruno Sutic!)
- XML::DTD#each uses implicit block calls. (Thanks, @glaucocustodio!)
- Fall back to the
pkg-config
gem if we're having trouble finding the system libxml2. This should help many FreeBSD users. (#1417) - Set document encoding appropriately even on blank document. (#1043) (Thanks, @batter!)
- [JRuby] fix slow add_child (#692)
- [JRuby] fix load errors when deploying to JRuby/Torquebox (#1114) (Thanks, @atambo and @jvshahid!)
- [JRuby] fix NPE when inspecting nodes returned by NodeSet#drop (#1042) (Thanks, @mkristian!)
- [JRuby] fix nil attriubte node's namespace in reader (#1327) (Thanks, @codekitchen!)
- [JRuby] fix Nokogiri munging unicode characters that require more than 2 bytes (#1113) (Thanks, @mkristian!)
- [JRuby] allow unlinking an unparented node (#1112, #1152) (Thanks, @esse!)
- [JRuby] allow Fragment parsing on a frozen string (#444, #1077)
- [JRuby] HTML
style
tags are no longer encoded (#1316) (Thanks, @tbeauvais!) - [MRI] fix assertion failure while accessing attribute node's namespace in reader (#843) (Thanks, @2potatocakes!)
- [MRI] fix issue with GCing namespace nodes returned in an xpath query. (#1155)
- [MRI] Ensure C strings are null-terminated. (#1381)
- [MRI] Ensure Rubygems is loaded before using mini_portile2 at installation. (#1393, #1411) (Thanks, @JonRowe!)
- [MRI] Handling another edge case where the
libxml-ruby
gem's global callbacks were smashing the heap. (#1426). (Thanks to @bbergstrom for providing an isolated test case!) - [MRI] Ensure encodings are passed to Sax::Parser xmldecl callback. (#844)
- [MRI] Ensure default ns prefix is applied correctly when reparenting nodes to another document. (#391) (Thanks, @ylecuyer!)
- [MRI] Ensure Reader handles non-existent attributes as expected. (#1254) (Thanks, @ccutrer!)
- [MRI] Cleanup around namespace handling when reparenting nodes. (#1332, #1333, #1444) (Thanks, @cuttrer and @bradleybeddoes!)
- unescape special characters in CSS queries (#1303) (Thanks, @twalpole!)
- consistently handle empty documents (#1349)
- Update to mini_portile2 2.1.0 to address whitespace-handling during patching. (#1402)
- Fix encoding of xml node namespaces.
- Work around issue installing Nokogiri on overlayfs (commonly used in Docker containers). (#1370, #1405)
- Removed legacy code remaining from Ruby 1.8.x support.
- Removed legacy code remaining from REE support.
- Removing hacky workarounds for bugs in some older versions of libxml2.
- Handling C strings in a forward-compatible manner, see https://github.com/ruby/ruby/blob/v2_2_0/NEWS#L319
This version pulls in several upstream patches to the vendored libxml2 and libxslt to address:
- CVE-2015-7499
Ubuntu classifies this as "Priority: Low", RedHat classifies this as "Impact: Moderate", and NIST classifies this as "Severity: 5.0 (MEDIUM)".
MITRE record is https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7499
This version pulls in several upstream patches to the vendored libxml2 and libxslt to address:
- CVE-2015-5312
- CVE-2015-7497
- CVE-2015-7498
- CVE-2015-7499
- CVE-2015-7500
- CVE-2015-8241
- CVE-2015-8242
- CVE-2015-8317
See also http://www.ubuntu.com/usn/usn-2834-1/
This version supports native builds on Windows using the RubyInstaller DevKit. It also supports Ruby 2.2.x on Windows, as well as making several other improvements to the installation process on various platforms.
This version also includes the security patches already applied in v1.6.6.3 and v1.6.6.4 to the vendored libxml2 and libxslt source. See #1374 and #1376 for details.
- Cross-built gems now have a proper ruby version requirement. (#1266)
- Ruby 2.2.x is supported on Windows.
- Native build is supported on Windows.
- [MRI] libxml2 and libxslt
config.guess
files brought up to date. (#1326) (Thanks, [@hernan-erasmo](https://github.com/hernan-erasmo)!) - [JRuby] fix error in validating files with jruby (#1355, #1361) (Thanks, @twalpole!)
- [MRI, OSX] Patch to handle nonstandard location of
iconv.h
. (#1206, #1210, #1218, #1345) (Thanks, @neonichu!)
- [JRuby] reset the namespace cache when replacing the document's innerHtml (#1265) (Thanks, @mkristian!)
- [JRuby] Document#parse should support IO objects that respond to #read. (#1124) (Thanks, Jake Byman!)
- [MRI] Duplicate-id errors when setting the
id
attribute on HTML documents are now silenced. (#1262) - [JRuby] SAX parser cuts texts in pieces when square brackets exist. (#1261)
- [JRuby] Namespaced attributes aren't removed by remove_attribute. (#1299)
This version pulls in an upstream patch to the vendored libxml2 to address:
- unclosed comment uninitialized access issue (#1376)
This issue was assigned CVE-2015-8710 after the fact. See http://seclists.org/oss-sec/2015/q4/616 for details.
This version pulls in several upstream patches to the vendored libxml2 and libxslt to address:
- CVE-2015-1819
- CVE-2015-7941_1
- CVE-2015-7941_2
- CVE-2015-7942
- CVE-2015-7942-2
- CVE-2015-8035
- CVE-2015-7995
See #1374 for details.
- Fixed installation issue affecting compiler arguments. (#1230)
Note that 1.6.6.0 was not released.
- Unified Node and NodeSet implementations of #search, #xpath and #css.
- Added Node#lang and Node#lang=.
- bin/nokogiri passes the URI to parse() if an HTTP URL is given.
- bin/nokogiri now loads ~/.nokogirirc so user can define helper methods, etc.
- bin/nokogiri can be configured to use Pry instead of IRB by adding a couple of lines to ~/.nokogirirc. (#1198)
- bin/nokogiri can better handle urls from STDIN (aiding use of xargs). (#1065)
- JRuby 9K support.
- DocumentFragment#search now matches against root nodes. (#1205)
- (MRI) More fixes related to handling libxml2 parse errors during DocumentFragment#dup. (#1196)
- (JRuby) Builder now handles namespace hrefs properly when there is a default ns. (#1039)
- (JRuby) Clear the XPath cache on attr removal. (#1109)
XML::Comment.new
argument types are now consistent and safe (and documented) across MRI and JRuby. (#1224)- (MRI) Restoring support for Ruby 1.9.2 that was broken in v1.6.4.1 and v1.6.5. (#1207)
- Check if
zlib
is available before buildinglibxml2
. (#1188) - (JRuby) HtmlSaxPushParser now exists. (#1147) (Thanks, Piotr Szmielew!)
- Implement Slop#respond_to_missing?. (#1176)
- Optimized the XPath query generated by an
an+b
CSS query.
- Capture non-parse errors from Document#dup in Document#errors. (#1196)
- (JRuby) Document#canonicalize parameters are now consistent with MRI. (#1189)
- (MRI) Fix a bug where CFLAGS passed in are dropped. (#1188)
- Fix a bug where CSS selector :nth(n) did not work. (#1187)
- (MRI) Bundled Libxml2 is upgraded to 2.9.2.
- (MRI)
nokogiri --version
will include a list of applied patches. - (MRI) Nokogiri no longer prints messages directly to TTY while building the extension.
- (MRI) Detect and help user fix a missing /usr/include/iconv.h on OS X. (#1111)
- (MRI) Improve the iconv detection for building libxml2.
- (MRI) Fix DocumentFragment#element_children (#1138).
- Fix a bug with CSS attribute selector without any prefix where "foo [bar]" was treated as "foo[bar]". (#1174)
- Addressing an Apple Macintosh installation problem for GCC users. #1130 (Thanks, @zenspider!)
- Added Node#document? and Node#processing_instruction?
- [JRuby] Fix Ruby memory exhaustion vulnerability. #1087 (Thanks, @ocher)
- [MRI] Fix segfault during GC when using
libxml-ruby
andnokogiri
together in multi-threaded environment. #895 (Thanks, @ender672!) - Building on OSX 10.9 stock ruby 2.0.0 now works. #1101 (Thanks, @zenspider!)
- Node#parse now works again for HTML document nodes (broken in 1.6.2+).
- Processing instructions can now be added via Node#add_next_sibling.
- Fix statically-linked libxml2 installation when using universal builds of Ruby. #1104
- Patching
mini_portile
to address the git dependency detailed in #1102. - Library load fix to address segfault reported on some systems. #1097
A set of security and bugfix patches have been backported from the libxml2 and libxslt repositories onto the version of 2.8.0 packaged with Nokogiri, including these notable security fixes:
- https://git.gnome.org/browse/libxml2/commit/?id=4629ee02ac649c27f9c0cf98ba017c6b5526070f
- CVE-2013-2877 https://git.gnome.org/browse/libxml2/commit/?id=e50ba8164eee06461c73cd8abb9b46aa0be81869
- CVE-2014-0191 https://git.gnome.org/browse/libxml2/commit/?id=9cd1c3cfbd32655d60572c0a413e017260c854df
It is recommended that you upgrade from 1.6.x to this version as soon as possible.
Now requires libxml >= 2.6.21 (was previously >= 2.6.17).
- Add cross building of fat binary gems for 64-Bit Windows (x64-mingw32) and add support for native builds on Windows. #864, #989, #1072
- (MRI) Alias CP932 to Windows-31J if iconv does not support Windows-31J.
- (MRI) Nokogiri now links packaged libraries statically. To disable static linking, pass --disable-static to extconf.rb. #923
- (MRI) Fix a library path (LIBPATH) precedence problem caused by CRuby bug #9760.
- (MRI) Nokogiri automatically deletes directories of packaged libraries only used during build. To keep them for debugging purposes, pass --disable-clean to extconf.rb. #952
- (MRI) Nokogiri now builds libxml2 properly with iconv support on platforms where libiconv is installed outside the system default directories, such as FreeBSD.
- Add support for an-b in nth selectors. #886 (Thanks, Magnus Bergmark!)
- Add support for bare and multiple :not() functions in selectors. #887 (Thanks, Magnus Bergmark!)
- (MRI) Add an extconf.rb option --use-system-libraries, alternative to setting the environment variable NOKOGIRI_USE_SYSTEM_LIBRARIES.
- (MRI) Update packaged libraries: libxslt to 1.1.28, zlib to 1.2.8, and libiconv to 1.14, respectively.
- Nokogiri::HTML::Document#title= and #meta_encoding= now always add an element if not present, trying hard to find the best place to put it.
- Nokogiri::XML::DTD#html_dtd? and #html5_dtd? are added.
- Nokogiri::XML::Node#prepend_child is added. #664
- Nokogiri::XML::SAX::ParserContext#recovery is added. #453
- Fix documentation for XML::Node#namespace. #803 #802 (Thanks, Hoylen Sue)
- Allow Nokogiri::XML::Node#parse from unparented non-element nodes. #407
- Ensure :only-child pseudo class works within :not pseudo class. #858 (Thanks, Yamagishi Kazutoshi!)
- Don't call pkg_config when using bundled libraries in extconf.rb #931 (Thanks, Shota Fukumori!)
- Nokogiri.parse() does not mistake a non-HTML document like a RSS document as HTML document. #932 (Thanks, Yamagishi Kazutoshi!)
- (MRI) Perform a node type check before adding a child node to another. Previously adding a text node to another as a child could cause a SEGV. #1092
- (JRuby) XSD validation crashes in Java version. #373
- (JRuby) Document already has a root node error while using Builder. #646
- (JRuby) c14n tests are all passing on JRuby. #226
- Parsing empty documents raise SyntaxError in strict mode. #1005
- (JRuby) Make xpath faster by caching the xpath context. #741
- (JRuby) XML SAX push parser leaks memory on JRuby, but not on MRI. #998
- (JRuby) Inconsistent behavior aliasing the default namespace. #940
- (JRuby) Inconsistent behavior between parsing and adding namespaces. #943
- (JRuby) Xpath returns inconsistent result set on cloned document with namespaces and attributes. #1034
- (JRuby) Java-Implementation forgets element namespaces #902
- (JRuby) JRuby-Nokogiri does not recognise attributes inside namespaces #1081
- (JRuby) JRuby-Nokogiri has different comment node name #1080
- (JRuby) JAXPExtensionsProvider / Java 7 / Secure Processing #1070
- (JRuby) Fix out of memory bug when certain invalid documents are parsed.
- (JRuby) Fix regression of billion-laughs vulnerability. #586
This release was based on v1.5.10 and 1.6.0.rc1, and contains changes mentioned in both.
- Remove pre 1.9 monitoring from Travis.
This release was based on v1.5.9, and so does not contain any fixes mentioned in the notes for v1.5.10.
- mini_portile is now a runtime dependency
- Ruby 1.9.2 and higher now required
- (MRI) Source code for libxml 2.8.0 and libxslt 1.2.26 is packaged with the gem. These libraries are compiled at gem install time unless the environment variable NOKOGIRI_USE_SYSTEM_LIBRARIES is set. VERSION_INFO (also
nokogiri -v
) exposes whether libxml was compiled from packaged source, or the system library was used. - (Windows) libxml upgraded to 2.8.0
- Support for Ruby 1.8.7 and prior has been dropped
- (JRuby) Fix out of memory bug when certain invalid documents are parsed.
- (JRuby) Fix regression of billion-laughs vulnerability. #586
- (JRuby) Fix "null document" error when parsing an empty IO in jruby 1.7.3. #883
- (JRuby) Fix schema validation when XSD has DOCTYPE set to DTD. #912 (Thanks, Patrick Cheng!)
- (MRI) Fix segfault when there is no default subelement for an HTML node. #917
- Use rb_ary_entry instead of RARRAY_PTR (you know, for Rubinius). #877 (Thanks, Dirkjan Bussink!)
- Fix TypeError when running tests. #900 (Thanks, Cédric Boutillier!)
- Ensure that prefixed attributes are properly namespaced when reparented. #869
- Fix for inconsistent namespaced attribute access for SVG nested in HTML. #861
- (MRI) Fixed a memory leak in fragment parsing if nodes are not all subsequently reparented. #856
- (JRuby) Fix EmptyStackException thrown by elements with xlink:href attributes and no base_uri #534, #805. (Thanks, Patrick Quinn and Brian Hoffman!)
- Fixes duplicate attributes issue introduced in 1.5.7. #865
- Allow use of a prefixed namespace on a root node using Nokogiri::XML::Builder #868
- Windows support for Ruby 2.0.
- SAX::Parser.parse_io throw an error when used with lower case encoding. #828
- (JRuby) Java Nokogiri is finally green (passes all tests) under 1.8 and 1.9 mode. High five everyone. #798, #705
- (JRuby) Nokogiri::XML::Reader broken (as a pull parser) on jruby - reads the whole XML document. #831
- (JRuby) JRuby hangs parsing "&". #837
- (JRuby) JRuby NPE parsing an invalid XML instruction. #838
- (JRuby) Node#content= incompatibility. #839
- (JRuby) to_xhtml doesn't print the last slash for self-closing tags in JRuby. #834
- (JRuby) Adding an EntityReference after a Text node mangles the entity in JRuby. #835
- (JRuby) JRuby version inconsistency: nil for empty attributes. #818
- CSS queries for classes (e.g., ".foo") now treat all whitespace identically. #854
- Namespace behavior cleaned up and made consistent between JRuby and MRI. #846, #801 (Thanks, Michael Klein!)
- (MRI) SAX parser handles empty processing instructions. #845
- Improved performance of XML::Document#collect_namespaces. #761 (Thanks, Juergen Mangler!)
- New callback SAX::Document#processing_instruction (Thanks, Kitaiti Makoto!)
- Node#native_content= allows setting unescaped node contant. #768
- XPath lookup with namespaces supports symbol keys. #729 (Thanks, Ben Langfeld.)
- XML::Node#[]= stringifies values. #729 (Thanks, Ben Langfeld.)
- bin/nokogiri will process a document from $stdin
- bin/nokogiri -e will execute a program from the command line
- (JRuby) bin/nokogiri --version will print the Xerces and NekoHTML versions.
- Nokogiri now detects XSLT transform errors. #731 (Thanks, Justin Fitzsimmons!)
- Don't throw an Error when trying to replace top-level text node in DocumentFragment. #775
- Raise an ArgumentError if an invalid encoding is passed to the SAX parser. #756 (Thanks, Bradley Schaefer!)
- Prefixed element inconsistency between CRuby and JRuby. #712
- (JRuby) space prior to xml preamble causes nokogiri to fail parsing. (fixed along with #748) #790
- (JRuby) Fixed the bug Nokogiri::XML::Node#content inconsistency between Java and C. #794, #797
- (JRuby) raises INVALID_CHARACTER_ERR exception when EntityReference name starts with '#'. #719
- (JRuby) doesn't coerce namespaces out of strings on a direct subclass of Node. #715
- (JRuby) Node#content now renders newlines properly. #737 (Thanks, Piotr Szmielew!)
- (JRuby) Unknown namespace are ignore when the recover option is used. #748
- (JRuby) XPath queries for namespaces should not throw exceptions when called twice in a row. #764
- (JRuby) More consistent (with libxml2) whitespace formatting when emitting XML. #771
- (JRuby) namespaced attributes broken when appending raw xml to builder. #770
- (JRuby) Nokogiri::XML::Document#wrap raises undefined method `length' for nil:NilClass when trying to << to a node. #781
- (JRuby) Fixed "bad file descriptor" bug when closing open file descriptors. #495
- (JRuby) JRuby/CRuby incompatibility for attribute decorators. #785
- (JRuby) Issues parsing valid XML with no internal subset in the DTD. #547, #811
- (JRuby) Issues parsing valid node content when it contains colons. #728
- (JRuby) Correctly parse the doc type of html documents. #733
- (JRuby) Include dtd in the xml output when a builder is used with create_internal_subset. #751
- (JRuby) builder requires textwrappers for valid utf8 in jruby, not in mri. #784
- Much-improved support for JRuby in 1.9 mode! Yay!
- Regression in JRuby Nokogiri add_previous_sibling (1.5.0 -> 1.5.1) #691 (Thanks, John Shahid!)
- JRuby unable to create HTML doc if URL arg provided #674 (Thanks, John Shahid!)
- JRuby raises NullPointerException when given HTML document is nil or empty string. #699
- JRuby 1.9 error, uncaught throw 'encoding_found', has been fixed. #673
- Invalid encoding returned in JRuby with US-ASCII. #583
- XmlSaxPushParser raises IndexOutOfBoundsException when over 512 characters are given. #567, #615
- When xpath evaluation returns empty NodeSet, decorating NodeSet's base document raises exception. #514
- JRuby raises exception when xpath with namespace is specified. pull request #681 (Thanks, Piotr Szmielew)
- JRuby renders nodes without their namespace when subclassing Node. #695
- JRuby raises NAMESPACE_ERR (org.w3c.dom.DOMException) while instantiating RDF::RDFXML::Writer. #683
- JRuby is not able to use namespaces in xpath. #493
- JRuby's Entity resolving should be consistent with C-Nokogiri #704, #647, #703
- The "nokogiri" script now has more verbose output when passed the
--rng
option. #675 (Thanks, Dan Radez!) - Build support on hardened Debian systems that use
-Werror=format-security
. #680. - Better build support for systems with pkg-config. #584
- Better build support for systems with multiple iconv installations.
- Segmentation fault when creating a comment node for a DocumentFragment. #677, #678.
- Treat '.' as xpath in at() and search(). #690
(MRI) Default parse options for XML documents were changed to not make network connections during document parsing, to avoid XXE vulnerability. #693
To re-enable this behavior, the configuration method nononet
may be called, like this:
Nokogiri::XML::Document.parse(xml) { |config| config.nononet }
Insert your own joke about double-negatives here.
- Support for "prefixless" CSS selectors ~, > and + like jQuery supports. #621, #623. (Thanks, David Lee!)
- Attempting to improve installation on homebrew 0.9 (with regards to iconv). Isn't package management convenient?
- Custom xpath functions with empty nodeset arguments cause a segfault. #634.
- Nokogiri::XML::Node#css now works for XML documents with default namespaces when the rule contains attribute selector without namespace.
- Fixed marshalling bugs around how arguments are passed to (and returned from) XSLT custom xpath functions. #640.
- Nokogiri::XML::Reader#outer_xml is broken in JRuby #617
- Nokogiri::XML::Attribute on JRuby returns a nil namespace #647
- Nokogiri::XML::Node#namespace= cannot set a namespace without a prefix on JRuby #648
- (JRuby) 1.9 mode causes dead lock while running rake #571
- HTML::Document#meta_encoding does not raise exception on docs with malformed content-type. #655
- Fixing segfault related to unsupported encodings in in-context parsing on 1.8.7. #643
- (JRuby) Concurrency issue in XPath parsing. #682
Repackaging of 1.5.1 with a gemspec that is compatible with older Rubies. #631, #632.
- XML::Builder#comment allows creation of comment nodes.
- CSS searches now support namespaced attributes. #593
- Java integration feature is added. Now, XML::Document.wrap and XML::Document#to_java methods are available.
- RelaxNG validator support in the
nokogiri
cli utility. #591 (thanks, Dan Radez!)
- Fix many memory leaks and segfault opportunities. Thanks, Tim Elliott!
- extconf searches homebrew paths if homebrew is installed.
- Inconsistent behavior of Nokogiri 1.5.0 Java #620
- Inheriting from Nokogiri::XML::Node on JRuby (1.6.4/5) fails #560
- XML::Attr nodes are not allowed to be added as node children, so an exception is raised. #558
- No longer defensively "pickle" adjacent text nodes on Node#add_next_sibling and Node#add_previous_sibling calls. #595.
- Java version inconsistency: it returns nil for empty attributes #589
- to_xhtml incorrectly generates when tag is empty #557
- Document#add_child now accepts a Node, NodeSet, DocumentFragment, or String. #546.
- Document#create_element now recognizes namespaces containing non-word characters (like "SOAP-ENV"). This is mostly relevant to users of Builder, which calls Document#create_element for nearly everything. #531.
- File encoding broken in 1.5.0 / jruby / windows #529
- Java version does not return namespace defs as attrs for ::HTML #542
- Bad file descriptor with Nokogiri 1.5.0 #495
- remove_namespace! doesn't work in pure java version #492
- The Nokogiri Java native build throws a null pointer exception when ActiveSupport's .blank? method is called directly on a parsed object. #489
- 1.5.0 Not using correct character encoding #488
- Raw XML string in XML Builder broken on JRuby #486
- Nokogiri 1.5.0 XML generation broken on JRuby #484
- Do not allow multiple root nodes. #550
- Fixes for custom XPath functions. #605, #606 (thanks, Juan Wajnerman!)
- Node#to_xml does not override :save_with if it is provided. #505
- Node#set is a private method (JRuby). #564 (thanks, Nick Sieger!)
- C14n cleanup and Node#canonicalize (thanks, Ivan Pirlik!) #563
- See changelog from 1.4.7
- extracted sets of Node::SaveOptions into Node::SaveOptions::DEFAULT_{X,H,XH}TML (refactor)
- default output of XML on JRuby is no longer formatted due to inconsistent whitespace handling. #415
- (JRuby) making empty NodeSets with null
nodes
member safe to operate on. #443 - Fix a bug in advanced encoding detection that leads to partially duplicated document when parsing an HTML file with unknown encoding.
- Add support for .
- JRuby performance tuning
- See changelog from 1.4.4
- Node#inner_text no longer returns nil. (JRuby) #264
- See changelog from 1.4.3
- JRuby support is provided by a new pure-java backend.
- Ruby 1.8.6 is deprecated. Nokogiri will install, but official support is ended.
- LibXML 2.6.16 and earlier are deprecated. Nokogiri will refuse to install.
- FFI support is removed.
- Fix a bug in advanced encoding detection that leads to partially duplicated document when parsing an HTML file with unknown encoding. Thanks, Timothy Elliott (@ender672)! #478
- This version is functionally identical to 1.4.5.
- Ruby 1.8.6 support has been restored.
- Nokogiri::HTML::Document#title accessor gets and sets the document title.
- extracted sets of Node::SaveOptions into Node::SaveOptions::DEFAULT_{X,H,XH}TML (refactor)
- Raise an exception if a string is passed to Nokogiri::XML::Schema#validate. #406
- Node#serialize-and-friends now accepts a SaveOption object as the, erm, save object.
- Nokogiri::CSS::Parser has-a Nokogiri::CSS::Tokenizer
- (JRUBY+FFI only) Weak references are now threadsafe. #355
- Make direct start_element() callback (currently used for HTML::SAX::Parser) pass attributes in assoc array, just as emulated start_element() callback does. rel. #356
- HTML::SAX::Parser should call back a block given to parse*() if any, just as XML::SAX::Parser does.
- Add further encoding detection to HTML parser that libxml2 does not do.
- Document#remove_namespaces! now handles attributes with namespaces. #396
- XSLT::Stylesheet#transform no longer segfaults when handed a non-XML::Document. #452
- XML::Reader no longer segfaults when under GC pressure. #439
- XML::Node#children= sets the node's inner html (much like #inner_html=), but returns the reparent node(s).
- XSLT supports function extensions. #336
- XPath bind parameter substitution. #329
- XML::Reader node type constants. #369
- SAX Parser context provides line and column information
- XML::DTD#attributes returns an empty hash instead of nil when there are no attributes.
- XML::DTD#{keys,each} now work as expected. #324
- {XML,HTML}::DocumentFragment.{new,parse} no longer strip leading and trailing whitespace. #319
- XML::Node#{add_child,add_previous_sibling,add_next_sibling,replace} return a NodeSet when passed a string.
- Unclosed tags parsed more robustly in fragments. #315
- XML::Node#{replace,add_previous_sibling,add_next_sibling} edge cases fixed related to libxml's text node merging. #308
- Fixed a segfault when GC occurs during xpath handler argument marshalling. #345
- Added hack to Slop decorator to work with previously defined methods. #330
- Fix a memory leak when duplicating child nodes. #353
- Fixed off-by-one bug with nth-last-{child,of-type} CSS selectors when NOT using an+b notation. #354
- Fixed passing of non-namespace attributes to SAX::Document#start_element. #356
- Workaround for libxml2 in-context parsing bug. #362
- Fixed NodeSet#wrap on nodes within a fragment. #331
- XML::Reader#empty_element? returns true for empty elements. #262
- Node#remove_namespaces! now removes namespace declarations as well. #294
- NodeSet#at_xpath, NodeSet#at_css and NodeSet#> do what the corresponding methods of Node do.
- XML::NodeSet#{include?,delete,push} accept an XML::Namespace
- XML::Document#parse added for parsing in the context of a document
- XML::DocumentFragment#inner_html= works with contextual parsing! #298, #281
- lib/nokogiri/css/parser.y Combined CSS functions + pseudo selectors fixed
- Reparenting text nodes is safe, even when the operation frees adjacent merged nodes. #283
- Fixed libxml2 versionitis issue with xmlFirstElementChild et al. #303
- XML::Attr#add_namespace now works as expected. #252
- HTML::DocumentFragment uses the string's encoding. #305
- Fix the CSS3 selector translation rule for the general sibling combinator (a.k.a. preceding selector) that incorrectly converted "E ~ F G" to "//F//G[preceding-sibling::E]".
- XML::Node#parse will parse XML or HTML fragments with respect to the context node.
- XML::Node#namespaces returns all namespaces defined in the node and all ancestor nodes (previously did not return ancestors' namespace definitions).
- Added Enumerable to XML::Node
- Nokogiri::XML::Schema#validate now uses xmlSchemaValidateFile if a filename is passed, which is faster and more memory-efficient. GH #219
- XML::Document#create_entity will create new EntityDecl objects. GH #174
- JRuby FFI implementation no longer uses ObjectSpace._id2ref, instead using Charles Nutter's rocking Weakling gem.
- Nokogiri::XML::Node#first_element_child fetch the first child node that is an ELEMENT node.
- Nokogiri::XML::Node#last_element_child fetch the last child node that is an ELEMENT node.
- Nokogiri::XML::Node#elements fetch all children nodes that are ELEMENT nodes.
- Nokogiri::XML::Node#add_child, #add_previous_sibling, #before, #add_next_sibling, #after, #inner_html, #swap and #replace all now accept a Node, DocumentFragment, NodeSet, or a string containing markup.
- Node#fragment? indicates whether a node is a DocumentFragment.
- XML::NodeSet is now always decorated (if the document has decorators). GH #198
- XML::NodeSet#slice gracefully handles offset+length larger than the set length. GH #200
- XML::Node#content= safely unlinks previous content. GH #203
- XML::Node#namespace= takes nil as a parameter
- XML::Node#xpath returns things other than NodeSet objects. GH #208
- XSLT::StyleSheet#transform accepts hashes for parameters. GH #223
- Psuedo selectors inside not() work. GH #205
- XML::Builder doesn't break when nodes are unlinked. Thanks to vihai! GH #228
- Encoding can be forced on the SAX parser. Thanks Eugene Pimenov! GH #204
- XML::DocumentFragment uses XML::Node#parse to determine children.
- Fixed a memory leak in xml reader. Thanks sdor! GH #244
- Node#replace returns the new child node as claimed in the RDoc. Previously returned +self+.
- The Windows gems now bundle DLLs for libxml 2.7.6 and libxslt 1.1.26. Prior to this release, libxml 2.7.3 and libxslt 1.1.24 were bundled.
- Added Nokogiri::LIBXML_ICONV_ENABLED
- Alias Node#[] to Node#attr
- XML::Node#next_element added
- XML::Node#> added for searching a nodes immediate children
- XML::NodeSet#reverse added
- Added fragment support to Node#add_child, Node#add_next_sibling, Node#add_previous_sibling, and Node#replace.
- XML::Node#previous_element implemented
- Rubinius support
- Ths CSS selector engine now supports :has()
- XML::NodeSet#filter() was added
- XML::Node.next= and .previous= are aliases for add_next_sibling and add_previous_sibling. GH #183
- XML fragments with namespaces do not raise an exception (regression in 1.4.0)
- Node#matches? works in nodes contained by a DocumentFragment. GH #158
- Document should not define add_namespace() method. GH #169
- XPath queries returning namespace declarations do not segfault.
- Node#replace works with nodes from different documents. GH #162
- Adding XML::Document#collect_namespaces
- Fixed bugs in the SOAP4R adapter
- Fixed bug in XML::Node#next_element for certain edge cases
- Fixed load path issue with JRuby under Windows. GH #160.
- XSLT#apply_to will honor the "output method". Thanks richardlehane!
- Fragments containing leading text nodes with newlines now parse properly. GH #178.
- Node#at_xpath returns the first element of the NodeSet matching the XPath expression.
- Node#at_css returns the first element of the NodeSet matching the CSS selector.
- NodeSet#| for unions GH #119 (Thanks Serabe!)
- NodeSet#inspect makes prettier output
- Node#inspect implemented for more rubyish document inspecting
- Added XML::DTD#external_id
- Added XML::DTD#system_id
- Added XML::ElementContent for DTD Element content validity
- Better namespace declaration support in Nokogiri::XML::Builder
- Added XML::Node#external_subset
- Added XML::Node#create_external_subset
- Added XML::Node#create_internal_subset
- XML Builder can append raw strings (GH #141, patch from dudleyf)
- XML::SAX::ParserContext added
- XML::Document#remove_namespaces! for the namespace-impaired
- returns nil when HTML documents do not declare a meta encoding tag. GH #115
- Uses RbConfig::CONFIG['host_os'] to adjust ENV['PATH'] GH #113
- NodeSet#search is more efficient GH #119 (Thanks Serabe!)
- NodeSet#xpath handles custom xpath functions
- Fixing a SEGV when XML::Reader gets attributes for current node
- Node#inner_html takes the same arguments as Node#to_html GH #117
- DocumentFragment#css delegates to it's child nodes GH #123
- NodeSet#[] works with slices larger than NodeSet#length GH #131
- Reparented nodes maintain their namespace. GH #134
- Fixed SEGV when adding an XML::Document to NodeSet
- XML::SyntaxError can be duplicated. GH #148
- Hpricot compatibility layer removed
- NodeSet#children returns all children of all nodes
- Override libxml-ruby's global error handler
- ParseOption#strict fixed
- Fixed a segfault when sending an empty string to Node#inner_html= GH #88
- String encoding is now set to UTF-8 in Ruby 1.9
- Fixed a segfault when moving root nodes between documents. GH #91
- Fixed an O(n) penalty on node creation. GH #101
- Allowing XML documents to be output as HTML documents
- Hpricot compatibility layer will be removed in 1.4.0
- Nokogiri::XML::DTD#validate will validate your document
- Nokogiri::XML::NodeSet#search will search top level nodes. GH #73
- Removed namespace related methods from Nokogiri::XML::Document
- Fixed a segfault when a namespace was added twice
- Made nokogiri work with Snow Leopard GH #79
- Mailing list has moved to: http://groups.google.com/group/nokogiri-talk
- HTML fragments now correctly handle comments and CDATA blocks. GH #78
- Nokogiri::XML::Document#clone is now an alias of dup
- Nokogiri::XML::SAX::Document#start_element_ns is deprecated, please switch to Nokogiri::XML::SAX::Document#start_element_namespace
- Nokogiri::XML::SAX::Document#end_element_ns is deprecated, please switch to Nokogiri::XML::SAX::Document#end_element_namespace
- extconf.rb checks for optional RelaxNG and Schema functions
- Namespace nodes are added to the Document node cache
- Builder changes scope based on block arity
- Builder supports methods ending in underscore similar to tagz
- Nokogiri::XML::Node#<=> compares nodes based on Document position
- Nokogiri::XML::Node#matches? returns true if Node can be found with given selector.
- Nokogiri::XML::Node#ancestors now returns an Nokogiri::XML::NodeSet
- Nokogiri::XML::Node#ancestors will match parents against optional selector
- Nokogiri::HTML::Document#meta_encoding for getting the meta encoding
- Nokogiri::HTML::Document#meta_encoding= for setting the meta encoding
- Nokogiri::XML::Document#encoding= to set the document encoding
- Nokogiri::XML::Schema for validating documents against XSD schema
- Nokogiri::XML::RelaxNG for validating documents against RelaxNG schema
- Nokogiri::HTML::ElementDescription for fetching HTML element descriptions
- Nokogiri::XML::Node#description to fetch the node description
- Nokogiri::XML::Node#accept implements Visitor pattern
- bin/nokogiri for easily examining documents (Thanks Yutaka HARA!)
- Nokogiri::XML::NodeSet now supports more Array and Enumerable operators: index, delete, slice, - (difference), + (concatenation), & (intersection), push, pop, shift, ==
- Nokogiri.XML, Nokogiri.HTML take blocks that receive Nokogiri::XML::ParseOptions objects
- Nokogiri::XML::Node#namespace returns a Nokogiri::XML::Namespace
- Nokogiri::XML::Node#namespace= for setting a node's namespace
- Nokogiri::XML::DocumentFragment and Nokogiri::HTML::DocumentFragment have a sensible API and a more robust implementation.
- JRuby 1.3.0 support via FFI.
- Fixed a problem with nil passed to CDATA constructor
- Fragment method deals with regular expression characters (Thanks Joel!) LH #73
- Fixing builder scope issues LH #61, LH #74, LH #70
- Fixed a problem when adding a child could remove the child namespace LH#78
- Fixed bug with unlinking a node then reparenting it. (GH#22)
- Fixed failure to catch errors during XSLT parsing (GH#32)
- Fixed a bug with attribute conditions in CSS selectors (GH#36)
- Fixed intolerance of HTML attributes without values in Node#before/after/inner_html=. (GH#35)
- Fixing bug where a node is passed in to Node#new
- Namespace should be assigned on DocumentFragment creation. LH #66
- Nokogiri::XML::NodeSet#dup works GH #10
- Nokogiri::HTML returns an empty Document when given a blank string GH#11
- Adding a child will remove duplicate namespace declarations LH #67
- Builder methods take a hash as a second argument
- Nokogiri may be used with soap4r. See XSD::XMLParser::Nokogiri
- Nokogiri::XML::Node#inner_html= to set the inner html for a node
- Nokogiri builder interface improvements
- Nokogiri::XML::Node#swap swaps html for current node (LH #50)
- Fixed a tag nesting problem in the Builder API (LH #41)
- Nokogiri::HTML.fragment will properly handle text only nodes (LH #43)
- Nokogiri::XML::Node#before will prepend text nodes (LH #44)
- Nokogiri::XML::Node#after will append text nodes
- Nokogiri::XML::Node#search automatically registers root namespaces (LH #42)
- Nokogiri::XML::NodeSet#search automatically registers namespaces
- Nokogiri::HTML::NamedCharacters delegates to libxml2
- Nokogiri::XML::Node#[] can take a symbol (LH #48)
- vasprintf for windows updated. Thanks Geoffroy Couprie!
- Nokogiri::XML::Node#[]= should not encode entities (LH #55)
- Namespaces should be copied to reparented nodes (LH #56)
- Nokogiri uses encoding set on the string for default in Ruby 1.9
- Document#dup should create a new document of the same type (LH #59)
- Document should not have a parent method (LH #64)
- Fixed a CSS selector space bug
- Fixed Ruby 1.9 String Encoding (Thanks 角谷さん!)
- CSS search now supports CSS3 namespace queries
- Namespaces on the root node are automatically registered
- CSS queries use the default namespace
- Nokogiri::XML::Document#encoding get encoding used for this document
- Nokogiri::XML::Document#url get the document url
- Nokogiri::XML::Node#add_namespace add a namespace to the node LH#38
- Nokogiri::XML::Node#each iterate over attribute name, value pairs
- Nokogiri::XML::Node#keys get all attribute names
- Nokogiri::XML::Node#line get the line number for a node (Thanks Dirkjan Bussink!)
- Nokogiri::XML::Node#serialize now takes an optional encoding parameter
- Nokogiri::XML::Node#to_html, to_xml, and to_xhtml take an optional encoding
- Nokogiri::XML::Node#to_str
- Nokogiri::XML::Node#to_xhtml to produce XHTML documents
- Nokogiri::XML::Node#values get all attribute values
- Nokogiri::XML::Node#write_to writes the node to an IO object with optional encoding
- Nokogiri::XML::ProcessingInstrunction.new
- Nokogiri::XML::SAX::PushParser for all your push parsing needs.
- Fixed Nokogiri::XML::Document#dup
- Fixed header detection. Thanks rubikitch!
- Fixed a problem where invalid CSS would cause the parser to hang
- Nokogiri::XML::Node.new_from_str will be deprecated in 1.3.0
- Nokogiri::HTML.fragment now returns an XML::DocumentFragment (LH #32)
- Added XML::Node#elem?
- Added XML::Node#attribute_nodes
- Added XML::Attr
- XML::Node#delete added.
- XML::NodeSet#inner_html added.
- Not including an HTML entity for \r for HTML nodes.
- Removed CSS::SelectorHandler and XML::XPathHandler
- XML::Node#attributes returns an Attr node for the value.
- XML::NodeSet implements to_xml
- Custom XPath functions are now supported. See Nokogiri::XML::Node#xpath
- Custom CSS pseudo classes are now supported. See Nokogiri::XML::Node#css
- Nokogiri::XML::Node#<< will add a child to the current node
- Mutex lock on CSS cache access
- Fixed build problems with GCC 3.3.5
- XML::Node#to_xml now takes an indentation argument
- XML::Node#dup takes an optional depth argument
- XML::Node#add_previous_sibling returns new sibling node.
- Fixed memory leak when using Dike
- SAX parser now parses IO streams
- Comment nodes have their own class
- Nokogiri() should delegate to Nokogiri.parse()
- Prepending rather than appending to ENV['PATH'] on windows
- Fixed a bug in complex CSS negation selectors
- XPath Parser raises a SyntaxError on parse failure
- CSS Parser raises a SyntaxError on parse failure
- filter() and not() hpricot compatibility added
- CSS searches via Node#search are now always relative
- CSS to XPath conversion is now cached
- Added mailing list and ticket tracking information to the README.txt
- Sets ENV['PATH'] on windows if it doesn't exist
- Caching results of NodeSet#[] on Document
- Changed memory management from weak refs to document refs
- Plugged some memory leaks
- Builder blocks can call methods from surrounding contexts
- NodeSet now implements to_ary
- XML::Document should not implement parent
- More GC Bugs fixed. (Mike is AWESOME!)
- Removed RARRAY_LEN for 1.8.5 compatibility. Thanks Shane Hanna.
- inner_html fixed. (Thanks Yehuda!)
- extconf.rb should not check for frex and racc
- Made sure extconf.rb searched libdir and prefix so that ports libxml/ruby will link properly. Thanks lucsky!
- Birthday!