search

microcosm-cc / bluemonday

bluemonday: a fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS
https://github.com/microcosm-cc/bluemonday
BSD 3-Clause "New" or "Revised" License
3.08k stars 178 forks source link

In the UGCPolicy() the cite attribute on q should be a URL not a paragraph. #1

Closed buro9 closed 10 years ago

buro9 commented 10 years ago

Interestingly this is the only example of a href link that does not permit a rel="nofollow" attribute.

https://developer.mozilla.org/en-US/docs/Web/HTML/Element/q

buro9 commented 10 years ago

Resolved by https://github.com/microcosm-cc/bluemonday/commit/6280065979ff8cd5b6c566df3e4691a92a4de4db