microcosm-cc / bluemonday

bluemonday: a fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS
https://github.com/microcosm-cc/bluemonday
BSD 3-Clause "New" or "Revised" License
3.12k stars 176 forks

Add the supplement of escaping in README.md #137

Closed yar2001 closed 2 years ago

yar2001 commented 2 years ago

Add the supplement of escaping in README.md

https://github.com/microcosm-cc/bluemonday/issues/39#issue-218231474

buro9 commented 2 years ago

I won't merge this as the guidance produces risks for most users. There are only a limited number of circumstances in which this should be applied, and for the vast majority it defeats the purpose of using an HTML sanitizer. I've replied to the issue this was in response to with that detail: https://github.com/microcosm-cc/bluemonday/issues/39#issuecomment-1003087562

Thank you for taking the time, but without really knowing what someone is trying to do this can be a dangerous piece of advice.
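An added illustration of the distinction the maintainer draws above, written for this page and not taken from bluemonday: a deliberately tiny, hypothetical allow-list tag filter (`toySanitize`, with a constructed allow-list of `p`, `b`, `i`) stands in for a sanitizer, beside plain `html.EscapeString`. Running both on the same constructed input shows why escaping output that has already been sanitized turns the permitted markup into literal text, which is the "defeats the purpose" case.

```go
package main

import (
	"fmt"
	"html"
	"strings"
)

// Constructed allow-list for this toy; a real bluemonday policy is far richer.
var allowedTags = map[string]bool{"p": true, "b": true, "i": true}

// toySanitize keeps only allow-listed tags, strips every attribute, and
// HTML-escapes all text. It is a hypothetical stand-in, not bluemonday's code.
func toySanitize(in string) string {
	var out strings.Builder
	for i := 0; i < len(in); {
		if in[i] != '<' { // text run: escape it verbatim
			j := strings.IndexByte(in[i:], '<')
			if j < 0 {
				j = len(in) - i
			}
			out.WriteString(html.EscapeString(in[i : i+j]))
			i += j
			continue
		}
		end := strings.IndexByte(in[i:], '>')
		if end < 0 { // unterminated tag: treat the remainder as text
			out.WriteString(html.EscapeString(in[i:]))
			break
		}
		body := strings.TrimSpace(in[i+1 : i+end])
		closing := strings.HasPrefix(body, "/")
		fields := strings.Fields(strings.TrimPrefix(body, "/"))
		if len(fields) > 0 && allowedTags[strings.ToLower(fields[0])] {
			name := strings.ToLower(fields[0])
			if closing {
				out.WriteString("</" + name + ">")
			} else {
				out.WriteString("<" + name + ">") // attributes dropped
			}
		} // any other tag is removed entirely
		i += end + 1
	}
	return out.String()
}

// escapeOnly is what "just escape it" guidance amounts to: no markup survives.
func escapeOnly(in string) string { return html.EscapeString(in) }

func main() {
	in := `<p onclick="x()">Hi <b>there</b> <a href="javascript:alert(1)">link</a></p>`
	fmt.Println(toySanitize(in))             // <p>Hi <b>there</b> link</p>
	fmt.Println(escapeOnly(in))              // every tag becomes literal text
	fmt.Println(escapeOnly(toySanitize(in))) // sanitized markup rendered as text
}
```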