css4j v3.5.2

Build fixes

The previous 3.5.1 version was producing correct Maven metadata, but the generated Gradle metadata was incorrect (it advertised a minimum required version of Java 11).

Even if you use Apache Maven to build your project, you may have downstream users with Gradle builds. If you are using css4j 3.5.0 or 3.5.1 you are encouraged to upgrade to 3.5.2.

css4j v3.5.1

Release 3.5.0 was compiled targeting Java 11, and 3.5.1 recovers the dual 8/11 build of previous versions.

css4j v3.5.0

Gradle build

The project is now built by Gradle instead of Maven. It is no longer necessary to manually install the dependencies that are not available in Maven Central.

css4j v3.4.0

Support for lab() and lch() color functions

The lab() and lch() functions are finally landing in Webkit, and the other major browsers have shown interest in implementing them (although it may still take some time).

The usage of these functions in a toolchain with the typical Java open source tools (which tend to use the sRGB default color space) could be problematic, as lab() and lch() are often specified out of that gamut, but an accurate RGB clamping method is provided.

Customizable serialization of computed styles

Now you can control the serialization of computed styles thanks to a new factory method: StyleFormattingFactory.createComputedStyleFormattingContext(), which returns a DeclarationFormattingContext.

A non-default implementation of that interface, called RGBStyleFormattingFactory, is provided for the convenience of users that can only deal with RGB colors in computed styles (for example those feeding CSS4J computed styles into Apache FOP). Basically, it allows to use modern CSS with Lab, LCh or Hsl colors and then convert them to RGB at the computed-style stage.

CSSOM: make the old rgb(a) color functional serialization with commas the default for color conversions to RGB

When parsing, the library uses the same RGB format that was specified. That is, if the input was a rgba() function with commas, it serialized that way. However, when other types of colors were converted to RGB, it defaulted to the modern format without the commas. That default was not the most adequate though:

1. According to the 2020 Web Almanac, "99.89% of functionally specified sRGB colors are using the since-forever legacy format with commas [...] rather than the new comma-less form".

2. XSL:FO uses the old format with commas, see https://www.w3.org/TR/xsl/#expr-color-functions

So the default format for values converted to RGB now has commas.

Added method match(CSSValueSyntax) to both LexicalUnit and CSSValue

This allows checking the grammar of values against specific syntaxes like <length>+, <string>#, <transform-function> or <unicode-range>#.

Support registered custom properties (including @property rules) from CSS Properties and Values API Level 1

The rule (that currently only works in Chrome/Blink) allows to customize the behaviour of custom properties. The direct setting of property syntax through DOM is also supported.

DOM: add the DOMNode.removeAllChild() convenience method

AFAIK no other DOM implementation contains this useful method.

css4j v3.3.0

This release is published ahead of schedule because it provides APIs used by the EchoSVG software, but also has a couple of interesting additions:

• DOM: new DOMElement.getInnerText().
• CSSOM: support the :dir() pseudo-class in computed styles, important for users of arabic and other right-to-left languages.

css4j v3.2.0

Notable changes:

• New additions to the API, notably SelectorList.replace(int, Selector), the new geom package, and Visitor<T> added to carte-util.
• DOM has quite a few traversal methods, but CSSOM just has the rule lists. New (non-standard) style sheet traversal methods have been added, based on the Visitor pattern. The parent Carte project uses them to perform SVG-related processing.
• A specialized AttributeConditionVisitor allows modification of attribute selectors upon traversal, very useful to integrate SVG inline images in HTML.
• :any-link was overlooked but is now supported. :link and :visited now only apply to the link-related HTML elements and anything with a xlink:href, while previously any element with an href attribute was matching.
• Loads of improvements and fixes to the native DOM implementation. The new element-name iterator is a time saver. If you use native DOM, you are invited to upgrade.
• In the native DOM and DOM4J, embedded style sheets are no longer used if they belong to a different namespace than the document element, preventing -for example- potential clashes with SVG styles and providing less overhead for the style computations when many SVG elements are present. Web browsers do not make this distinction about STYLE elements though, but IMHO is the right behaviour to have.
• A security loophole was fixed in the DOM wrapper, which could allow setting an unsafe base href.
• DOM4J module now depends on xmlpull-xpp3 1.2 artifact from https://github.com/xmlpull-xpp3/xmlpull-xpp3 instead of the old xpp3. The new artifact is not available from Maven Central -which is unlikely to make downstream users happy- but it is an optional dependency after all.
• In the DOM4J module, Element.setAttributeNode() and setAttributeNodeNS() were not working correctly due to an upstream bug. Now css4j overrides the relevant methods.

css4j v1.2.0

The 1-stable branch is supposed to be superseded, but there are people still downloading 1.x artifacts so this release includes the 1-stable backports of several 3.x improvements. However, users are encouraged to upgrade to 3.2 or later as soon as possible. When upgrading, please keep in mind that 2 and 3.x releases require Java 8 or higher.

Notable changes:

• New geom package.
• :any-link was overlooked but is now supported. :link and :visited now only apply to the link-related HTML elements and anything with a xlink:href, while previously any element with an href attribute was matching.
• Loads of improvements and fixes to the native DOM implementation. The new element-name iterator is a time saver. If you use native DOM, you are invited to upgrade.
• In the native DOM and DOM4J, embedded style sheets are no longer used if they belong to a different namespace than the document element, preventing -for example- potential clashes with SVG styles and providing less overhead for the style computations when many SVG elements are present. Web browsers do not make this distinction about STYLE elements though, but IMHO is the right behaviour to have.
• A security loophole was fixed in the DOM wrapper, which could allow setting an unsafe base href.
• DOM4J module now depends on xmlpull-xpp3 1.2 artifact from https://github.com/xmlpull-xpp3/xmlpull-xpp3 instead of the old xpp3. The new artifact is not available from Maven Central -which is unlikely to make downstream users happy- but it is an optional dependency after all.
• In the DOM4J module, Element.setAttributeNode() and setAttributeNodeNS() were not working correctly due to an upstream bug. Now css4j overrides the relevant methods.

These changes mean that this release is not a drop-in replacement for 1.1, so the minor version was bumped to 1.2.

css4j v3.1.0

• Previous versions are vulnerable to DoS attacks, and the new protections use the new CSSDocument.isAuthorizedOrigin(URL) method.
• The method ErrorHandler.hasErrors() now returns true if there are I/O errors. Those errors were previously considered transient, and therefore weren't appearing there.
• DOM: DOMDocument.getDomConfig() was undeprecated, and the DOMConfiguration can be used to control the normalization of the document.
• DOM: on attribute nodes, getTextContent() now returns the attribute value instead of the empty string.
• DOM: DOM nodes now implement java.io.Serializable.
• DefaultEntityResolver.resolveEntity(DocumentTypeDeclaration) is deprecated.

("DOM:" means that the change applies to "Native DOM implementation").

These new behaviors mean that this release is not fully backwards-compatible with 3.0, so the minor version was bumped to 3.1. Additionally, the following are important fixes/improvements:

• Case sensitivity fixes: Native DOM correctly matched the selector [Foo] to the attribute foo="bar" in HTML documents, but neither the XML-oriented DOM implementations in the DOM wrapper nor the DOM4J back-end did. Now they both do, and a few other smaller case sensitivity fixes were applied as well.
• DOM: normalization of element-content whitespace is now based on the value of the whitespace CSS property, and so does DOMWriter serialization.
• DOM: indented serialization of inline-block elements in DOMWriter.

css4j v2.2.0

• Previous versions are vulnerable to DoS attacks, and the new protections use the new CSSDocument.isAuthorizedOrigin(URL) method.
• The method ErrorHandler.hasErrors() now returns true if there are I/O errors. Those errors were previously considered transient, and therefore weren't appearing there.
• On attribute nodes, getTextContent() now returns the attribute value instead of the empty string.

These new behaviors mean that this release is not fully backwards-compatible with 2.1, so the minor version was bumped to 2.2.

css4j v1.1.0

This release backports a few 3.x improvements to the 1.x branch, although users should upgrade to 3.1 or later as soon as possible. When upgrading, please keep in mind that 2 and 3.x releases require Java 8 or higher.

Notable changes:

• Previous versions are vulnerable to DoS attacks, and the new protections use the new CSSDocument.isAuthorizedOrigin(URL) method.
• The method ErrorHandler.hasErrors() now returns true if there are I/O errors. Those errors were previously considered transient, and therefore weren't appearing there.
• On attribute nodes, getTextContent() now returns the attribute value instead of the empty string.

These new behaviors mean that this release is not fully backwards-compatible with 1.0, so the minor version was bumped to 1.1.