• Added MemorySettings::with_graceful_bail_out_on_memory_limit_exceeded(): when set, the
  rewriter flushes every input byte it has received but not yet emitted to the sink (as-is)
  before returning MemoryLimitExceededError, so callers can continue the response by
  writing subsequent bytes directly to their downstream sink instead of breaking it.
• Added Settings::with_graceful_bail_out_on_content_handler_error(): symmetric to the
  memory setting above, but for RewritingError::ContentHandlerError. When set, the
  rewriter flushes remaining input bytes before propagating a handler error, preserving
  the response. Currently exposed via the Rust API only; the C API still uses the original
  behavior.
• Added Settings::append_bail_out_handler() and the matching bail_out! macro,
  BailOut rewritable unit, and BailOutHandler / BailOutHandlerSend type aliases.
  Bail-out handlers fire immediately before the raw flush of remaining unparsed input on a
  graceful bail-out (memory or content-handler error). Handlers receive the
  RewritingError and a BailOut through which they can append final bytes to the sink
  via BailOut::append(content, content_type). Intended for handlers that buffer state
  across the document (e.g. text-buffering handlers that defer emission) and need to
  flush that state on bail-out.
• Marked RewritingError #[non_exhaustive] so future error variants can be added without
  a major version bump. External callers can still match on it, but must include a
  catch-all _ => arm.
• Reworked Settings, MemorySettings and RewriteStrSettings to use a consuming-builder
  API. Fields are now private; construction is via ::new() plus chained with_* setters
  and append_* methods for the content-handler vectors. This makes future field additions
  non-breaking. Migration:

  // before
  Settings {
      element_content_handlers: vec![element!("div", |el| { /* ... */ Ok(()) })],
      strict: false,
      ..Settings::new()
  }
  // after
  Settings::new()
      .with_strict(false)
      .append_element_content_handler(element!("div", |el| { /* ... */ Ok(()) }))

• Renamed the internal-use feature integration_test to _integration_test. The leading
  underscore signals to cargo-semver-checks and similar tools that the feature is not
  part of the public API.
• Comment::set_text now also rejects --!>, a leading >, and a leading ->, which
  WHATWG-conformant browsers treat as comment terminators. Previously only --> was
  rejected, so a caller passing attacker-influenced data could let an attacker break out
  of the comment and inject HTML (security fix).

What's Changed

• Added OutputSink::set_encoding #315
• Made rewrite_str ignore conflicting encodings #316
• Added name_source_location() and value_source_location() to Attribute by @gmalette in #313

New Contributors

• @gmalette made their first contribution in #313

Full Changelog: v2.8.1...v2.9.0

What's Changed

• Added support for nested :not() with simple selectors. #304
• Added on_end_tag convenience method #308
• Reduced allocations in #306 #307 #309

• Replaced several panicking assertions with gracefully reported errors, especially in the C API.

• Performance improvements.
• Updated dependencies.

• Improve type generation in js-api.
• Updated dependencies.

• Added source code locations to the C and JS APIs.
• Significant performance improvements and code size reductions.

• Source code locations for tags and other tokens.
• Document text chunks and escaping of attributes.
• Selector validation improvements.

• Upgraded selectors and cssparser.

• Added element.onEndTag to JS bindings.
• Refactored TextDecoder and token construction to avoid heap allocations.
• Added fast paths for UTF-8 rewrites.