bluemonday: a fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS
BSD 3-Clause "New" or "Revised" License
3.08k
stars
178
forks
source link
In the UGCPolicy() the cite attribute on q should be a URL not a paragraph. #1
Closed
buro9 closed 10 years ago
Interestingly this is the only example of a href link that does not permit a rel="nofollow" attribute.
https://developer.mozilla.org/en-US/docs/Web/HTML/Element/q