README.md in rails-deprecated_sanitizer-1.0.2 vs README.md in rails-deprecated_sanitizer-1.0.3
- old
+ new
@@ -1,15 +1,16 @@
# Rails::Deprecated::Sanitizer
-In Rails 4.2 the sanitization implementation uses Loofah by default.
-Previously html-scanner was used for this.
-This gem includes that old behavior for easier migration and it will be supported until Rails 5.
+In Rails 4.2 HTML sanitization has been rewritten using a more secure library.
-If you need this behavior, add the gem to an applications gemfile, run `bundle` and the deprecated behavior is installed.
+This gem includes the old behavior shipping with Rails 4.2 and before. It is
+strictly provided to ease migration. It will be supported until Rails 5.
- gem 'rails-deprecated_sanitizer'
+To downgrade add `gem 'rails-deprecated_sanitizer'` to your Gemfile.
-You can read more about the new behavior here: [rails-html-sanitizer](https://github.com/rails/rails-html-sanitizer).
+See the Rails 4.2 upgrade guide for more information.
+
+You can read more about the new sanitization implementation here: [rails-html-sanitizer](https://github.com/rails/rails-html-sanitizer).
# Reporting XSS Security Issues
The code provided here deals with XSS attacks and is therefore a security concern.
So if you find a security issue please follow the [regular security reporting guidelines](http://rubyonrails.org/security/).
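Review bot: the rewritten introduction drops two concrete facts that the removed lines carried, and the security framing needs one more sentence. The old `-In Rails 4.2 the sanitization implementation uses Loofah by default.` / `-Previously html-scanner was used for this.` named both implementations; the replacement `+In Rails 4.2 HTML sanitization has been rewritten using a more secure library.` names neither, so a reader no longer learns what this gem actually reinstates (html-scanner) or what replaces it (Loofah, via rails-html-sanitizer). Suggest keeping both names in that line. The old installation sentence also told the reader to run `bundle`; `+To downgrade add `gem 'rails-deprecated_sanitizer'` to your Gemfile.` omits that step and should restore it. Since the new text itself describes the replacement as "more secure", the "To downgrade" line should state plainly that adding this gem switches the whole application back to the older, less secure sanitizer and that it is a temporary migration aid rather than a configuration to keep (the "strictly provided to ease migration" and "supported until Rails 5" lines imply this, but the warning belongs next to the install instruction). Finally, `+See the Rails 4.2 upgrade guide for more information.` gives no link while the following rails-html-sanitizer line does; a link to the guide would make the two references consistent.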