src with blob:... is removed

leizongmin / js-xss

Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whitelist

http://jsxss.com

Other

5.16k stars 633 forks source link

Open tungnat97 opened 1 year ago

tungnat97 commented 1 year ago

Wanted behavior: src of blob type won't be removed.

Kolobok12309 commented 1 year ago

Example:

// src
<img src="blob:http://localhost:3000/396578e2-1e38-450a-a947-deb08d786d2d">

// result
<img src>