Don't enable options by default

[MSch]

Just got hit by #24 because I expected no potentially unsafe options to be enabled by default.

Furthermore the https://github.com/paolochiodi/htmlcompressor#usage documentation has different "basic and safe default options" than middleman-minify-html

[tdreyno]

Can you explain further?

[MSch]

Yes, I turned on minify_html, enabling remove_comments, expecting this to only remove comments not perform other, potentially unsafe, actions.

The htmlcompressor project by default does not enable any options for precisely this reason.

middleman-minify-html does enable options by default which do break websites.

[rmoriz]

It removes the http://-protocol part in every outgoing link by default.
When you deploy your middleman site on https with minify-html enabled, all http-only links will break.

see:

=> go to https://middlemanapp.com/
=> click on "Thomas Reynolds" (near the footer)

=> no protocol specified
=> https assumed (like https://middlemanapp.com/)
=> but https not configured (in your case a wrong certificate warning)

Update:
Okay looks like in the case of https://middlemanapp.com/ it's caused manually in https://github.com/middleman/middleman-guides/blob/master/source/localizable/_footer.html.erb however minify-html does this automatically by default and would have broken the link the same way

[Arcovion]

Further down in their readme is:

The middleware uses a little more aggressive options by default:

Those are the defaults we're using, so please let https://github.com/paolochiodi/htmlcompressor know about this too.