Sanitize should not add forcibly add values to query components

microcosm-cc / bluemonday

bluemonday: a fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS

https://github.com/microcosm-cc/bluemonday

BSD 3-Clause "New" or "Revised" License

3.12k stars 176 forks source link

Sanitize should not add forcibly add values to query components #115

Closed zeripath closed 3 years ago

zeripath commented 3 years ago

Although query components are often key=value pairs - there is no absolute requirement for the keys to have values and if there is not a value then the equal sign should not be added.

Fixes go-gitea/gitea#15349

Signed-off-by: Andrew Thornton art27@cantab.net

silverwind commented 3 years ago

Should add a test as well.

lunny commented 3 years ago

Thanks @zeripath !

buro9 commented 3 years ago

Thanks to all... writers and reviewers :pray: