OWASP / java-html-sanitizer

Takes third-party HTML and produces HTML that is safe to embed in your web application. Fast and easy to configure.

noopener noreferrer getting added every time even if "noopener noreferrer" already exist #280

Open anupamamanish opened 1 year ago

anupamamanish commented 1 year ago
  1. HTML we have before sanitize:
     <a href="http://hcl.com" target="_blank">cool</a>
     After sanitize I am getting:
     <a href="http://hcl.com" target="_blank" rel="noopener noreferrer">cool</a>

  2. If I have the below code to sanitize:
     <a href="http://hcl.com" target="_blank" rel="noopener noreferrer">cool</a>
     After sanitize:
     <a href="http://hcl.com" target="_blank" rel="noopener noreferrer noopener noreferrer">cool</a>

The issue is "noopener noreferrer " gets appended every time we sanitize the HTML.

Expected result: "noopener noreferrer " should not get appended if it is already present in the HTML.
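
The behaviour the report asks for amounts to treating `rel` as a set of space-separated tokens and adding only the ones that are missing. The following is an added example, not code from this thread or from the java-html-sanitizer code base; `RelMerge` and `mergeRel` are hypothetical names, and the inputs are constructed to mirror the two cases above plus a few edge cases.

```java
import java.util.LinkedHashSet;
import java.util.Locale;
import java.util.Set;

/** Added illustration; RelMerge and mergeRel are hypothetical, not java-html-sanitizer API. */
public class RelMerge {

    /**
     * Returns a rel value holding every token of {@code existing} (may be null)
     * plus every token in {@code required}, each exactly once.
     * rel tokens are ASCII case-insensitive, so they are lowercased before
     * comparison; first-seen order is kept so the output is stable.
     */
    static String mergeRel(String existing, String... required) {
        Set<String> tokens = new LinkedHashSet<>();
        if (existing != null) {
            // Split on HTML ASCII whitespace; skip the empty token an empty value yields.
            for (String t : existing.trim().split("[ \\t\\n\\f\\r]+")) {
                if (!t.isEmpty()) {
                    tokens.add(t.toLowerCase(Locale.ROOT));
                }
            }
        }
        for (String r : required) {
            tokens.add(r.toLowerCase(Locale.ROOT));
        }
        return String.join(" ", tokens);
    }

    public static void main(String[] args) {
        // Constructed inputs: the two reported cases and some edge cases.
        String[] inputs = {
            null,                                       // case 1: no rel attribute
            "noopener noreferrer",                      // case 2: already complete
            "noopener noreferrer noopener noreferrer",  // value duplicated by an earlier pass
            "nofollow  NoOpener",                       // partial, mixed case, extra space
        };
        for (String in : inputs) {
            String once = mergeRel(in, "noopener", "noreferrer");
            String twice = mergeRel(once, "noopener", "noreferrer");
            // Idempotence: a second pass must not change the value.
            if (!once.equals(twice)) {
                throw new AssertionError("not idempotent for: " + in);
            }
            System.out.println(in + " -> " + once);
        }
    }
}
```

The same property can be used as a regression check on any sanitizer pipeline that stores and re-sanitizes HTML: sanitizing already-sanitized output should return it unchanged.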

anupamamanish commented 6 months ago

Hello,

I am currently working on it.

Thank you,
Anupama Shinde

----- Original message -----
From: "Prashant"
Subject: Re: [OWASP/java-html-sanitizer] noopener noreferrer getting added every time even if "noopener noreferrer" already exist (Issue #280)
Date: Tue, Jan 23, 2024 4:51 PM


Hey there, If nobody is currently addressing this issue, I will take the initiative to investigate and propose a solution for it.

csware commented 5 months ago

Should be fixed on main.

getnot commented 4 months ago

@csware Thank you for addressing the issue 🙏. I just want to inquire about the expected release date for these changes. If I'm not mistaken, the last release was conducted quite a while ago, back in 2022.

pavelda2 commented 4 months ago

I'd also like to add a question to @mikesamuel, the author of the change, asking if a library release is planned in the near future. I would also appreciate the release of this patch.