microcosm-cc / bluemonday

bluemonday: a fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS
https://github.com/microcosm-cc/bluemonday
BSD 3-Clause "New" or "Revised" License

Bump golang.org/x/net to latest #148

Closed zhsj closed 1 year ago

zhsj commented 2 years ago

Due to https://github.com/golang/net/commit/06994584, HTML comments are escaped.

buro9 commented 1 year ago

I'll bump to the very latest, but cannot work around the changes in x/net/html.

This means that Microsoft style use of comments to create browser specific sections will no longer work in bluemonday.

The few attempts I've made to restore that functionality do not do it safely, that is... they create a huge security risk for those that allow comments.

The workaround here will be to post-process sanitized HTML to restore any desired HTML comments.
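
One way to implement the post-processing workaround mentioned in the last comment, as an added example that is not bluemonday's code or the commenters' own. It assumes the sanitized output still contains `<!-- ... -->` spans with entity-escaped bodies; `allowedComments` and `restoreComments` are hypothetical names, and the allowlist holds only complete comment bodies that the application's own templates emit.

```go
package main

import (
	"fmt"
	"html"
	"strings"
)

// allowedComments is a hypothetical allowlist of complete comment bodies that
// the application's own templates emit. Nothing in it is user-controlled.
var allowedComments = map[string]bool{
	"[if mso]><table><tr><td><![endif]":    true,
	"[if mso]></td></tr></table><![endif]": true,
}

// restoreComments scans sanitizer output for <!-- ... --> spans. A span is
// rewritten to its literal form only when its entity-decoded body is an exact
// allowlist entry; every other span stays exactly as the sanitizer escaped it.
func restoreComments(sanitized string) string {
	var out strings.Builder
	rest := sanitized
	for {
		start := strings.Index(rest, "<!--")
		if start < 0 {
			break
		}
		end := strings.Index(rest[start+4:], "-->")
		if end < 0 {
			break // unterminated comment: leave the tail untouched
		}
		end += start + 4 // position of "-->" within rest
		body := html.UnescapeString(rest[start+4 : end])
		out.WriteString(rest[:start])
		if allowedComments[body] {
			out.WriteString("<!--" + body + "-->")
		} else {
			out.WriteString(rest[start : end+3])
		}
		rest = rest[end+3:]
	}
	out.WriteString(rest)
	return out.String()
}

func main() {
	// Constructed sample of sanitized output (assumed escaping, not captured).
	in := "<!--[if mso]&gt;&lt;table&gt;&lt;tr&gt;&lt;td&gt;&lt;![endif]-->hi" +
		"<!--[if IE]&gt;&lt;b&gt;user text&lt;/b&gt;&lt;![endif]-->"
	fmt.Println(restoreComments(in))
}
```

Matching on the whole decoded body, rather than on a prefix such as `[if mso]`, keeps user-supplied markup inside a conditional comment from being unescaped.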