cloudflare/lol-html v3.0.0
Repository: cloudflare/lol-html
Tag: v3.0.0
Published: 2026-06-02T09:14:36Z
Prerelease: no
Release notes:
- Added MemorySettings::with_graceful_bail_out_on_memory_limit_exceeded(): when set, the rewriter flushes every input byte it has received but not yet emitted to the sink (as-is) before returning MemoryLimitExceededError, so callers can continue the response by writing subsequent bytes directly to their downstream sink instead of breaking it.
- Added Settings::with_graceful_bail_out_on_content_handler_error(): symmetric to the memory setting above, but for RewritingError::ContentHandlerError. When set, the rewriter flushes remaining input bytes before propagating a handler error, preserving the response. Currently exposed via the Rust API only; the C API still uses the original behavior.
- Added Settings::append_bail_out_handler() and the matching bail_out! macro, BailOut rewritable unit, and BailOutHandler / BailOutHandlerSend type aliases. Bail-out handlers fire immediately before the raw flush of remaining unparsed input on a graceful bail-out (memory or content-handler error). Handlers receive the RewritingError and a BailOut through which they can append final bytes to the sink via BailOut::append(content, content_type). Intended for handlers that buffer state across the document (e.g. text-buffering handlers that defer emission) and need to flush that state on bail-out.
- Marked RewritingError #[non_exhaustive] so future error variants can be added without a major version bump. External callers can still match on it, but must include a catch-all _ => arm.
- Reworked Settings, MemorySettings and RewriteStrSettings to use a consuming-builder API. Fields are now private; construction is via ::new() plus chained with_* setters and append_* methods for the content-handler vectors. This makes future field additions non-breaking. Migration:

```rust
// before
Settings {
    element_content_handlers: vec![element!("div", |el| { /* ... */ Ok(()) })],
    strict: false,
    ..Settings::new()
}

// after
Settings::new()
    .with_strict(false)
    .append_element_content_handler(element!("div", |el| { /* ... */ Ok(()) }))
```

- Renamed the internal-use feature integration_test to _integration_test. The leading underscore signals to cargo-semver-checks and similar tools that the feature is not part of the public API.
- Comment::set_text now also rejects --!>, a leading >, and a leading ->, which WHATWG-conformant browsers treat as comment terminators. Previously only --> was rejected, so a caller passing attacker-influenced data could let an attacker break out of the comment and inject HTML (security fix).
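
The following added example is a standalone sketch, not lol-html's own code. It shows the difference between the old and new Comment::set_text rules as the note above describes them. The function names are hypothetical and the sample strings are constructed.

```rust
// Added example: standalone check, not lol-html's implementation.
// Returns the byte offset at which a WHATWG-conformant parser would end a
// comment written as `<!--` + text + `-->`, if that happens inside `text`.
fn early_terminator(text: &str) -> Option<usize> {
    // Right after `<!--`, a lone `>` or `->` closes the comment at once
    // (`<!-->` and `<!--->` are both complete, empty comments).
    if text.starts_with('>') || text.starts_with("->") {
        return Some(0);
    }
    // Anywhere in the data, `-->` and `--!>` both end the comment.
    let plain = text.find("-->");
    let bang = text.find("--!>");
    match (plain, bang) {
        (Some(x), Some(y)) => Some(x.min(y)),
        (x, y) => x.or(y),
    }
}

/// The earlier rule as the release note describes it: only `-->` is rejected.
fn old_rule_accepts(text: &str) -> bool {
    !text.contains("-->")
}

/// The rule described for v3.0.0: reject every terminator listed in the note.
fn new_rule_accepts(text: &str) -> bool {
    early_terminator(text).is_none()
}

fn main() {
    // Constructed sample inputs: benign text, then one per terminator form,
    // then a string with `>` and `->` in non-leading (harmless) positions.
    let samples = ["build 1234", "a --> b", "x --!> y", "> z", "-> z", "a > b -> c"];
    for s in samples {
        println!(
            "{:<14} old_accepts={:<5} new_accepts={}",
            format!("{s:?}"),
            old_rule_accepts(s),
            new_rule_accepts(s)
        );
    }
}
```

Callers that build comment text from untrusted data should treat a rejection from Comment::set_text as a signal to drop or encode the value, not to retry with the terminator stripped.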