bluemonday: a fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS
BSD 3-Clause "New" or "Revised" License
3.08k stars, 178 forks
Trailing spaces in style attributes break sanitizing #171
Closed
sergeyfedotov closed 1 year ago
When the value of the style attribute contains trailing spaces, the value is omitted entirely due to a parsing issue.
Input:
<p style=" color: red ; text-align: center ; "></p>
Expected output:
<p style="color: red; text-align: center"></p>
Actual output:
<p></p>
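The normalization this report expects, as an added standard-library Go example that is not bluemonday's code: whitespace and empty declarations are tolerated, while malformed or non-allowlisted declarations are still dropped. `NormalizeStyle`, `splitDeclarations` and the allowlist are hypothetical names, and the splitter assumes no backslash escapes inside quoted strings.

```go
package main

import (
	"fmt"
	"strings"
)

// splitDeclarations cuts a style value at top-level semicolons, ignoring
// semicolons inside quotes or parentheses (e.g. inside url(...)).
func splitDeclarations(style string) []string {
	var out []string
	var quote rune
	depth, start := 0, 0
	for i, r := range style {
		switch {
		case quote != 0: // inside a quoted string: only look for its end
			if r == quote {
				quote = 0
			}
		case r == '"' || r == '\'':
			quote = r
		case r == '(':
			depth++
		case r == ')' && depth > 0:
			depth--
		case r == ';' && depth == 0:
			out = append(out, style[start:i])
			start = i + 1
		}
	}
	return append(out, style[start:])
}

// NormalizeStyle (hypothetical helper) keeps only allowlisted properties and
// re-serializes them as "name: value" joined by "; ".
func NormalizeStyle(style string, allowed map[string]bool) string {
	var kept []string
	for _, decl := range splitDeclarations(style) {
		name, value, ok := strings.Cut(decl, ":")
		name = strings.ToLower(strings.TrimSpace(name))
		value = strings.TrimSpace(value)
		if !ok || value == "" || !allowed[name] {
			continue // empty, malformed or non-allowlisted: drop only this declaration
		}
		kept = append(kept, name+": "+value)
	}
	return strings.Join(kept, "; ")
}

func main() {
	allowed := map[string]bool{"color": true, "text-align": true} // constructed allowlist
	fmt.Printf("%q\n", NormalizeStyle(" color: red ; text-align: center ; ", allowed))
}
```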