README.md in rails-deprecated_sanitizer-1.0.2 vs README.md in rails-deprecated_sanitizer-1.0.3

- old
+ new

@@ -1,15 +1,16 @@ # Rails::Deprecated::Sanitizer -In Rails 4.2 the sanitization implementation uses Loofah by default. -Previously html-scanner was used for this. -This gem includes that old behavior for easier migration and it will be supported until Rails 5. +In Rails 4.2 HTML sanitization has been rewritten using a more secure library. -If you need this behavior, add the gem to an applications gemfile, run `bundle` and the deprecated behavior is installed. +This gem includes the old behavior shipping with Rails 4.2 and before. It is +strictly provided to ease migration. It will be supported until Rails 5. - gem 'rails-deprecated_sanitizer' +To downgrade add `gem 'rails-deprecated_sanitizer'` to your Gemfile. -You can read more about the new behavior here: [rails-html-sanitizer](https://github.com/rails/rails-html-sanitizer). +See the Rails 4.2 upgrade guide for more information. + +You can read more about the new sanitization implementation here: [rails-html-sanitizer](https://github.com/rails/rails-html-sanitizer). # Reporting XSS Security Issues The code provided here deals with XSS attacks and is therefore a security concern. So if you find a security issue please follow the [regular security reporting guidelines](http://rubyonrails.org/security/).
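
Review bot: The added sentence "This gem includes the old behavior shipping with Rails 4.2 and before" conflicts with the new opening line, which says sanitization was rewritten in Rails 4.2. If the old behavior is what shipped before 4.2, say "before Rails 4.2". The rewrite also replaces the names Loofah and html-scanner with "a more secure library", so the README no longer says which implementation this gem restores; consider keeping both names. "See the Rails 4.2 upgrade guide for more information." has no link, unlike the rails-html-sanitizer reference on the following line, and the "To downgrade" sentence could state plainly that adding the gem reverts to the implementation the first line describes as the less secure one.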