search

mganss / HtmlSanitizer

Cleans HTML to avoid XSS attacks
MIT License
1.52k stars 198 forks source link

Strange issue with sanitizing URL part #457

Closed msmolka closed 11 months ago

msmolka commented 11 months ago

Hello

When I sanitizing following URL part:

&noteId=10

The result is following:

¬eId=10

Which messes body URLs

mganss commented 11 months ago

Are you trying to sanitize the above as-is, i.e. not as part of an HTML element's attribute? If so, this is expected behavior, see #362