Closed Metavirulent closed 3 years ago
The degree of tolerance for bad markup depends on the htmlparser2 module upon which sanitize-html is built. You could take up the issue there, but it's not wrong to treat this as an opening tag and disregard the rest of the string. sanitize-html
is designed to sanitize valid HTML, not to guess at user intent in handwritten text with some HTML markup. The most common use case for sanitize-html is cleaning up valid but unwanted tags and attributes, for instance when pasted into a rich text editor or submitted maliciously by a script.
To Reproduce
Expected behavior
Should output: we all know that one<two, isn't it?
Describe the bug
It seems that the "<two" triggers an opening tag in the parsing but since there is no closing tag, the remainder of the string gets skipped.
Details
Version of Node.js:
Server Operating System: